CVE-2008-5709
Summary
| CVE | CVE-2008-5709 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2008-12-24 18:29:00 UTC |
| Updated | 2017-08-08 01:33:00 UTC |
| Description | Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components. |
Risk And Classification
Problem Types: CWE-20 | NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Avaya | Communication Manager | 3.1.1 | All | All | All |
| Application | Avaya | Communication Manager | 3.1.2 | All | All | All |
| Application | Avaya | Communication Manager | 3.1.3 | All | All | All |
| Application | Avaya | Communication Manager | 3.1.4 | sp1 | All | All |
| Application | Avaya | Communication Manager | 4.0 | All | All | All |
| Application | Avaya | Communication Manager | 4.0.1 | All | All | All |
| Application | Avaya | Communication Manager | 4.0.1 | sp15215 | All | All |
| Application | Avaya | Communication Manager | 4.0.1 | sp15500 | All | All |
| Application | Avaya | Communication Manager | 4.0.3 | All | All | All |
| Application | Avaya | Communication Manager | 5.0 | All | All | All |
| Application | Avaya | Communication Manager | 5.0 | sp1 | All | All |
| Application | Avaya | Communication Manager | 5.0 | sp2 | All | All |
| Application | Avaya | Communication Manager | 3.1.1 | All | All | All |
| Application | Avaya | Communication Manager | 3.1.2 | All | All | All |
| Application | Avaya | Communication Manager | 3.1.3 | All | All | All |
| Application | Avaya | Communication Manager | 3.1.4 | sp1 | All | All |
| Application | Avaya | Communication Manager | 4.0 | All | All | All |
| Application | Avaya | Communication Manager | 4.0.1 | All | All | All |
| Application | Avaya | Communication Manager | 4.0.1 | sp15215 | All | All |
| Application | Avaya | Communication Manager | 4.0.1 | sp15500 | All | All |
| Application | Avaya | Communication Manager | 4.0.3 | All | All | All |
| Application | Avaya | Communication Manager | 5.0 | All | All | All |
| Application | Avaya | Communication Manager | 5.0 | sp1 | All | All |
| Application | Avaya | Communication Manager | 5.0 | sp2 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Avaya Communication Manager Web Administration Interface - Privilege Elevation Vulnerability | Research | VoIPshield Systems Inc. | MISC | www.voipshield.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| Avaya Communication Manager Web Administration Interface - Code Execution Vulnerability | Research | VoIPshield Systems Inc. | MISC | www.voipshield.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Avaya Communication Manager Web Administration Multiple Security Vulnerabilities | BID | www.securityfocus.com | |
| ASA-2008-391 (October 2008) | CONFIRM | support.avaya.com | Vendor Advisory |
| Avaya Communication Manager Arbitrary Command Execution Vulnerabilities - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.