Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6709

Overview

Vulnerability Score 9.0 9.0
CVE Id CVE-2008-6709
Last Modified 19 Aug 2009 01:24:19
Published 10 Apr 2009 06:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-6709

Summary

Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of "local data viewing or restoring parameters."

Vulnerable Systems

Application

  • Avaya Communication Manager 3.1

  • Avaya Communication Manager 3.1.1

  • Avaya Communication Manager 3.1.2

  • Avaya Communication Manager 3.1.3

  • Avaya Communication Manager 3.1.4

  • Avaya Communication Manager 3.1.5

  • Avaya Sip Enablement Services 3.0

  • Avaya Sip Enablement Services 3.1

  • Avaya Sip Enablement Services 3.1.1

  • Avaya Sip Enablement Services 4.0


References

XF - avaya-ses-command-execution(43380)

VUPEN - ADV-2008-1943

MISC - http://www.voipshield.com/research-details.php?id=78

BID - 29939

OSVDB - 46603

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm

SECUNIA - 30751


Last Updated: 27 May 2016 10:49:18