CVE-2008-3081

Summary

CVE	CVE-2008-3081
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2008-07-09 00:41:00 UTC
Updated	2017-08-08 01:31:00 UTC
Description	Multiple unspecified "input validation" vulnerabilities in the Web management interface (aka Messaging Administration interface) in Avaya Message Storage Server (MSS) 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user vexvm via vectors related to (1) SFTP Remote Store configuration; (2) remote FTP storage settings; (3) name server lookup; (4) pinging another host; (5) TCP/IP Networking parameter configuration; (6) the external hosts configuration main page; (7) adding and changing external hosts; (8) Windows domain parameter configuration; (9) date, time, and NTP server configuration; (10) alarm settings; (11) the command line history form; (12) the maintenance form; and (13) the server events form.

Risk And Classification

Problem Types: CWE-20

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Avaya	Messaging Storage Server	3	All	All	All
Application	Avaya	Messaging Storage Server	3.1	All	All	All
Application	Avaya	Messaging Storage Server	4.0	All	All	All
Application	Avaya	Messaging Storage Server	3	All	All	All
Application	Avaya	Messaging Storage Server	3.1	All	All	All
Application	Avaya	Messaging Storage Server	4.0	All	All	All

References

Reference	Source	Link	Tags
Message Storage Server Network Configuration Arbitrary Command Execution \| Research \| VoIPshield Systems Inc.	MISC	www.voipshield.com
Message Storage Server DNS Lookup Arbitrary Command Execution \| Research \| VoIPshield Systems Inc.	MISC	www.voipshield.com
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
Message Storage Server FTP Remote Storage Arbitrary Command Execution \| Research \| VoIPshield Systems Inc.	MISC	www.voipshield.com
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
Message Storage Server Alarm Configuration Arbitrary Command Execution \| Research \| VoIPshield Systems Inc.	MISC	www.voipshield.com
Avaya Message Storage Server Input Validation Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com	Vendor Advisory
Message Storage Command Line History Arbitrary Command Execution \| Research \| VoIPshield Systems Inc.	MISC	www.voipshield.com
Message Storage Server Events Arbitrary Command Execution \| Research \| VoIPshield Systems Inc.	MISC	www.voipshield.com
Message Storage Server Windows Domain Configuration Arbitrary Command Execution \| Research \| VoIPshield Systems Inc.	MISC	www.voipshield.com
Avaya Communication Manager Multiple Remote Command Execution Vulnerabilities	BID	www.securityfocus.com
Message Storage Server External Hosts Configuration Arbitrary Command Execution \| Research \| VoIPshield Systems Inc.	MISC	www.voipshield.com
Message Storage Server Ping Arbitrary Command Execution \| Research \| VoIPshield Systems Inc.	MISC	www.voipshield.com
Message Storage Server Time Configuration Arbitrary Command Execution \| Research \| VoIPshield Systems Inc.	MISC	www.voipshield.com
Message Storage Server SFTP Remote Storage Command Execution \| Research \| VoIPshield Systems Inc.	MISC	www.voipshield.com
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
Message Storage Server Maintenance Arbitrary Command Execution \| Research \| VoIPshield Systems Inc.	MISC	www.voipshield.com
ASA-2008-269	CONFIRM	support.avaya.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com
Message Storage Server External Hosts Add/Change Configuration Arbitrary Command Execution \| Research \| VoIPshield Systems Inc.	MISC	www.voipshield.com
46587	OSVDB	osvdb.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.