CVE-2008-6706
Summary
| CVE | CVE-2008-6706 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2009-04-10 22:00:00 UTC |
| Updated | 2026-04-23 00:35:47 UTC |
| Description | Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts "subscriber table passwords," (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts "subscriber table passwords." |
Risk And Classification
Primary CVSS: v2.0 7.8 from [email protected]
AV:N/AC:L/Au:N/C:C/I:N/A:N
Problem Types: NVD-CWE-noinfo | n/a
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
CompleteIntegrity
NoneAvailability
NoneAV:N/AC:L/Au:N/C:C/I:N/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Avaya | Communication Manager | 3.1 | All | All | All |
| Application | Avaya | Communication Manager | 3.1.1 | All | All | All |
| Application | Avaya | Communication Manager | 3.1.2 | All | All | All |
| Application | Avaya | Communication Manager | 3.1.3 | All | All | All |
| Application | Avaya | Communication Manager | 3.1.4 | All | All | All |
| Application | Avaya | Communication Manager | 3.1.4 | sp1 | All | All |
| Application | Avaya | Communication Manager | 3.1.4 | sp2 | All | All |
| Application | Avaya | Communication Manager | 3.1.5 | All | All | All |
| Application | Avaya | Communication Manager | 3.1.5 | sp0 | All | All |
| Application | Avaya | Sip Enablement Services | 3.0 | All | All | All |
| Application | Avaya | Sip Enablement Services | 3.1 | All | All | All |
| Application | Avaya | Sip Enablement Services | 3.1.1 | All | All | All |
| Application | Avaya | Sip Enablement Services | 4.0 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| osvdb.org/46602 | af854a3a-2127-422b-91ae-364da2661108 | osvdb.org | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | |
| Nothing found for Research Details Php?id=84 | af854a3a-2127-422b-91ae-364da2661108 | www.voipshield.com | |
| www.voipshield.com/research-details.php | af854a3a-2127-422b-91ae-364da2661108 | www.voipshield.com | |
| www.voipshield.com/research-details.php | af854a3a-2127-422b-91ae-364da2661108 | www.voipshield.com | |
| Avaya Communication Manager Multiple Security Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| Avaya SIP Enablement Services Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| ASA-2008-268 | af854a3a-2127-422b-91ae-364da2661108 | support.avaya.com | Vendor Advisory |
| Nothing found for Research Details Php?id=83 | af854a3a-2127-422b-91ae-364da2661108 | www.voipshield.com | |
| Nothing found for Research Details Php?id=85 | af854a3a-2127-422b-91ae-364da2661108 | www.voipshield.com | |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.