Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6708

Overview

Vulnerability Score 9.0 9.0
CVE Id CVE-2008-6708
Last Modified 19 Aug 2009 01:24:19
Published 10 Apr 2009 06:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-6708

Summary

Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration of "data viewing or restoring parameters."

Vulnerable Systems

Application

  • Avaya Communication Manager 3.1

  • Avaya Communication Manager 3.1.1

  • Avaya Communication Manager 3.1.2

  • Avaya Communication Manager 3.1.3

  • Avaya Communication Manager 3.1.4

  • Avaya Communication Manager 3.1.5

  • Avaya Communication Manager 4.0

  • Avaya Communication Manager 4.0.1

  • Avaya Communication Manager 4.0.3

  • Avaya Sip Enablement Services 3.0


References

XF - avaya-ses-parameters-code-execution(43390)

VUPEN - ADV-2008-1943

MISC - http://www.voipshield.com/research-details.php?id=77

BID - 29939

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm

SECUNIA - 30751

OSVDB - 46604


Last Updated: 27 May 2016 10:49:18