{"api_version":"1","generated_at":"2026-04-22T23:29:34+00:00","cve":"CVE-2008-3081","urls":{"html":"https://cve.report/CVE-2008-3081","api":"https://cve.report/api/cve/CVE-2008-3081.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2008-3081","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2008-3081"},"summary":{"title":"CVE-2008-3081","description":"Multiple unspecified \"input validation\" vulnerabilities in the Web management interface (aka Messaging Administration interface) in Avaya Message Storage Server (MSS) 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user vexvm via vectors related to (1) SFTP Remote Store configuration; (2) remote FTP storage settings; (3) name server lookup; (4) pinging another host; (5) TCP/IP Networking parameter configuration; (6) the external hosts configuration main page; (7) adding and changing external hosts; (8) Windows domain parameter configuration; (9) date, time, and NTP server configuration; (10) alarm settings; (11) the command line history form; (12) the maintenance form; and (13) the server events form.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2008-07-09 00:41:00","updated_at":"2017-08-08 01:31:00"},"problem_types":["CWE-20"],"metrics":[],"references":[{"url":"http://www.voipshield.com/research-details.php?id=96","name":"http://www.voipshield.com/research-details.php?id=96","refsource":"MISC","tags":[],"title":"Message Storage Server Network Configuration Arbitrary Command Execution | Research | VoIPshield Systems Inc.","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://www.voipshield.com/research-details.php?id=94","name":"http://www.voipshield.com/research-details.php?id=94","refsource":"MISC","tags":[],"title":"Message Storage Server DNS Lookup Arbitrary Command Execution | Research | VoIPshield Systems Inc.","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43424","name":"avaya-mss-ftpstorage-command-execution(43424)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.voipshield.com/research-details.php?id=93","name":"http://www.voipshield.com/research-details.php?id=93","refsource":"MISC","tags":[],"title":"Message Storage Server FTP Remote Storage Arbitrary Command Execution | Research | VoIPshield Systems Inc.","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43422","name":"avaya-mss-tcpip-command-execution(43422)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.voipshield.com/research-details.php?id=101","name":"http://www.voipshield.com/research-details.php?id=101","refsource":"MISC","tags":[],"title":"Message Storage Server Alarm Configuration Arbitrary Command Execution | Research | VoIPshield Systems Inc.","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://secunia.com/advisories/30777","name":"30777","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Avaya Message Storage Server Input Validation Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.voipshield.com/research-details.php?id=102","name":"http://www.voipshield.com/research-details.php?id=102","refsource":"MISC","tags":[],"title":"Message Storage Command Line History Arbitrary Command Execution | Research | VoIPshield Systems Inc.","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://www.voipshield.com/research-details.php?id=104","name":"http://www.voipshield.com/research-details.php?id=104","refsource":"MISC","tags":[],"title":"Message Storage Server Events Arbitrary Command Execution | Research | VoIPshield Systems Inc.","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://www.voipshield.com/research-details.php?id=99","name":"http://www.voipshield.com/research-details.php?id=99","refsource":"MISC","tags":[],"title":"Message Storage Server Windows Domain Configuration Arbitrary Command Execution | Research | VoIPshield Systems Inc.","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/29938","name":"29938","refsource":"BID","tags":[],"title":"Avaya Communication Manager Multiple Remote Command Execution Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.voipshield.com/research-details.php?id=97","name":"http://www.voipshield.com/research-details.php?id=97","refsource":"MISC","tags":[],"title":"Message Storage Server External Hosts Configuration Arbitrary Command Execution | Research | VoIPshield Systems Inc.","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://www.voipshield.com/research-details.php?id=95","name":"http://www.voipshield.com/research-details.php?id=95","refsource":"MISC","tags":[],"title":"Message Storage Server Ping Arbitrary Command Execution | Research | VoIPshield Systems Inc.","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://www.voipshield.com/research-details.php?id=100","name":"http://www.voipshield.com/research-details.php?id=100","refsource":"MISC","tags":[],"title":"Message Storage Server Time Configuration Arbitrary Command Execution | Research | VoIPshield Systems Inc.","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://www.voipshield.com/research-details.php?id=92","name":"http://www.voipshield.com/research-details.php?id=92","refsource":"MISC","tags":[],"title":"Message Storage Server SFTP Remote Storage Command Execution | Research | VoIPshield Systems Inc.","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43423","name":"avaya-mss-nameserver-command-execution(43423)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.voipshield.com/research-details.php?id=103","name":"http://www.voipshield.com/research-details.php?id=103","refsource":"MISC","tags":[],"title":"Message Storage Server Maintenance Arbitrary Command Execution | Research | VoIPshield Systems Inc.","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://support.avaya.com/elmodocs2/security/ASA-2008-269.htm","name":"http://support.avaya.com/elmodocs2/security/ASA-2008-269.htm","refsource":"CONFIRM","tags":[],"title":"ASA-2008-269","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2008/1945/references","name":"ADV-2008-1945","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.voipshield.com/research-details.php?id=98","name":"http://www.voipshield.com/research-details.php?id=98","refsource":"MISC","tags":[],"title":"Message Storage Server External Hosts Add/Change Configuration Arbitrary Command Execution | Research | VoIPshield Systems Inc.","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://osvdb.org/46587","name":"46587","refsource":"OSVDB","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2008-3081","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-3081","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2008","cve_id":"3081","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"avaya","cpe5":"messaging_storage_server","cpe6":"3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"3081","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"avaya","cpe5":"messaging_storage_server","cpe6":"3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"3081","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"avaya","cpe5":"messaging_storage_server","cpe6":"4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"3081","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"avaya","cpe5":"messaging_storage_server","cpe6":"3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"3081","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"avaya","cpe5":"messaging_storage_server","cpe6":"3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"3081","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"avaya","cpe5":"messaging_storage_server","cpe6":"4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2008-3081","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple unspecified \"input validation\" vulnerabilities in the Web management interface (aka Messaging Administration interface) in Avaya Message Storage Server (MSS) 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user vexvm via vectors related to (1) SFTP Remote Store configuration; (2) remote FTP storage settings; (3) name server lookup; (4) pinging another host; (5) TCP/IP Networking parameter configuration; (6) the external hosts configuration main page; (7) adding and changing external hosts; (8) Windows domain parameter configuration; (9) date, time, and NTP server configuration; (10) alarm settings; (11) the command line history form; (12) the maintenance form; and (13) the server events form."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"29938","refsource":"BID","url":"http://www.securityfocus.com/bid/29938"},{"name":"http://www.voipshield.com/research-details.php?id=92","refsource":"MISC","url":"http://www.voipshield.com/research-details.php?id=92"},{"name":"http://www.voipshield.com/research-details.php?id=104","refsource":"MISC","url":"http://www.voipshield.com/research-details.php?id=104"},{"name":"http://www.voipshield.com/research-details.php?id=98","refsource":"MISC","url":"http://www.voipshield.com/research-details.php?id=98"},{"name":"avaya-mss-ftpstorage-command-execution(43424)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43424"},{"name":"ADV-2008-1945","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2008/1945/references"},{"name":"http://www.voipshield.com/research-details.php?id=94","refsource":"MISC","url":"http://www.voipshield.com/research-details.php?id=94"},{"name":"http://www.voipshield.com/research-details.php?id=93","refsource":"MISC","url":"http://www.voipshield.com/research-details.php?id=93"},{"name":"avaya-mss-tcpip-command-execution(43422)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43422"},{"name":"http://www.voipshield.com/research-details.php?id=100","refsource":"MISC","url":"http://www.voipshield.com/research-details.php?id=100"},{"name":"http://www.voipshield.com/research-details.php?id=97","refsource":"MISC","url":"http://www.voipshield.com/research-details.php?id=97"},{"name":"http://www.voipshield.com/research-details.php?id=102","refsource":"MISC","url":"http://www.voipshield.com/research-details.php?id=102"},{"name":"http://support.avaya.com/elmodocs2/security/ASA-2008-269.htm","refsource":"CONFIRM","url":"http://support.avaya.com/elmodocs2/security/ASA-2008-269.htm"},{"name":"46587","refsource":"OSVDB","url":"http://osvdb.org/46587"},{"name":"30777","refsource":"SECUNIA","url":"http://secunia.com/advisories/30777"},{"name":"http://www.voipshield.com/research-details.php?id=101","refsource":"MISC","url":"http://www.voipshield.com/research-details.php?id=101"},{"name":"http://www.voipshield.com/research-details.php?id=99","refsource":"MISC","url":"http://www.voipshield.com/research-details.php?id=99"},{"name":"http://www.voipshield.com/research-details.php?id=95","refsource":"MISC","url":"http://www.voipshield.com/research-details.php?id=95"},{"name":"http://www.voipshield.com/research-details.php?id=103","refsource":"MISC","url":"http://www.voipshield.com/research-details.php?id=103"},{"name":"http://www.voipshield.com/research-details.php?id=96","refsource":"MISC","url":"http://www.voipshield.com/research-details.php?id=96"},{"name":"avaya-mss-nameserver-command-execution(43423)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43423"}]}},"nvd":{"publishedDate":"2008-07-09 00:41:00","lastModifiedDate":"2017-08-08 01:31:00","problem_types":["CWE-20"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.5},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:avaya:messaging_storage_server:3.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:avaya:messaging_storage_server:3:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:avaya:messaging_storage_server:4.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2008","CveId":"3081","Ordinal":"32999","Title":"CVE-2008-3081","CVE":"CVE-2008-3081","Year":"2008"},"notes":[{"CveYear":"2008","CveId":"3081","Ordinal":"1","NoteData":"Multiple unspecified \"input validation\" vulnerabilities in the Web management interface (aka Messaging Administration interface) in Avaya Message Storage Server (MSS) 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user vexvm via vectors related to (1) SFTP Remote Store configuration; (2) remote FTP storage settings; (3) name server lookup; (4) pinging another host; (5) TCP/IP Networking parameter configuration; (6) the external hosts configuration main page; (7) adding and changing external hosts; (8) Windows domain parameter configuration; (9) date, time, and NTP server configuration; (10) alarm settings; (11) the command line history form; (12) the maintenance form; and (13) the server events form.","Type":"Description","Title":null},{"CveYear":"2008","CveId":"3081","Ordinal":"2","NoteData":"2008-07-08","Type":"Other","Title":"Published"},{"CveYear":"2008","CveId":"3081","Ordinal":"3","NoteData":"2017-08-07","Type":"Other","Title":"Modified"}]}}}