Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6710

Overview

Vulnerability Score 9.0 9.0
CVE Id CVE-2008-6710
Last Modified 29 Apr 2009 01:27:22
Published 10 Apr 2009 06:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-6710

Summary

Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated administrators to gain root privileges via unknown vectors related to "configuring data viewing or restoring credentials."

Vulnerable Systems

Application

  • Avaya Communication Manager 3.1

  • Avaya Communication Manager 3.1.1

  • Avaya Communication Manager 3.1.2

  • Avaya Communication Manager 3.1.3

  • Avaya Communication Manager 4.0

  • Avaya Communication Manager 4.0.1

  • Avaya Communication Manager 4.0.2

  • Avaya Communication Manager 4.0.3


References

XF - avaya-cm-interface-code-execution(43386)

VUPEN - ADV-2008-1944

MISC - http://www.voipshield.com/research-details.php?id=79

BID - 29939

OSVDB - 46582

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm

SECUNIA - 30799


Last Updated: 27 May 2016 10:49:18