Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.4
CVE Id CVE-2008-6707
Last Modified 09 Sep 2009 01:36:11
Published 10 Apr 2009 06:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-6707

Summary

The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an "unnecessary default application," (4) unspecified scripts in the states folder, (5) an unspecified "default application" that lists server configuration, and (6) "full system help."

Vulnerable Systems

Application

  • Avaya Communication Manager 3.1

  • Avaya Communication Manager 3.1.1

  • Avaya Communication Manager 3.1.2

  • Avaya Communication Manager 3.1.3

  • Avaya Communication Manager 3.1.4

  • Avaya Communication Manager 3.1.5

  • Avaya SIP Enablement Services 3.0

  • Avaya SIP Enablement Services 3.1

  • Avaya SIP Enablement Services 3.1.1

  • Avaya SIP Enablement Services 4.0


References

XF - avaya-ses-help-information-disclosure(43395)

XF - avaya-ses-application-info-disclosure(43394)

XF - avaya-ses-statesfolder-code-execution(43393)

XF - avaya-ses-application-unauth-access(43389)

XF - avaya-ses-certificate-info-disclosure(43384)

XF - avaya-ses-objectsfolder-code-execution(43381)

VUPEN - ADV-2008-1943

MISC - http://www.voipshield.com/research-details.php?id=91

MISC - http://www.voipshield.com/research-details.php?id=90

MISC - http://www.voipshield.com/research-details.php?id=89

MISC - http://www.voipshield.com/research-details.php?id=88

MISC - http://www.voipshield.com/research-details.php?id=87

MISC - http://www.voipshield.com/research-details.php?id=86

BID - 29939

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm

SECUNIA - 30751

OSVDB - 46600

OSVDB - 46599

OSVDB - 46598


Last Updated: 27 May 2016 10:49:18