Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3811

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2012-3811
Last Modified 17 Jul 2012 12:00:00
Published 03 Jul 2012 03:55:04
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-3811

Summary

Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it via a direct request.

Vulnerable Systems

Application

  • Avaya Ip Office Customer Call Reporter 7.0

  • Avaya Ip Office Customer Call Reporter 8.0


References

CONFIRM - https://downloads.avaya.com/css/P8/documents/100164021

MISC - http://zerodayinitiative.com/advisories/ZDI-12-106/


Last Updated: 27 May 2016 10:57:33