BID:106826

Avaya Aura Communication Manager CVE-2018-15617 Denial of Service Vulnerability

CVE-2018-15617 |

Info

Avaya Aura Communication Manager CVE-2018-15617 Denial of Service Vulnerability

Bugtraq ID:	106826
Class:	Design Error
CVE:	CVE-2018-15617
Remote:	Yes
Local:	No
Published:	Jan 31 2019 12:00AM
Updated:	Jan 31 2019 12:00AM
Credit:	Frank Cozijnsen from KPN.
Vulnerable:	Avaya Aura Communication Manager 8.0 Avaya Aura Communication Manager 7.1.2 Avaya Aura Communication Manager 6.3.8 Avaya Aura Communication Manager 7.1.3.1 Avaya Aura Communication Manager 7.1.0.0 Avaya Aura Communication Manager 6.3 + Avaya Communication Manager Server DEFINITY Server SI/CS + Avaya Communication Manager Server S8100 + Avaya Communication Manager Server S8300 + Avaya Communication Manager Server S8500 + Avaya Communication Manager Server S8700 Avaya Aura Communication Manager 6.2 + Avaya Communication Manager Server DEFINITY Server SI/CS + Avaya Communication Manager Server S8100 + Avaya Communication Manager Server S8300 + Avaya Communication Manager Server S8500 + Avaya Communication Manager Server S8700 Avaya Aura Communication Manager 6.0.1 + Avaya Communication Manager Server DEFINITY Server SI/CS + Avaya Communication Manager Server S8100 + Avaya Communication Manager Server S8300 + Avaya Communication Manager Server S8500 + Avaya Communication Manager Server S8700 Avaya Aura Communication Manager 6.0 + Avaya Communication Manager Server DEFINITY Server SI/CS + Avaya Communication Manager Server S8100 + Avaya Communication Manager Server S8300 + Avaya Communication Manager Server S8500 + Avaya Communication Manager Server S8700

Not Vulnerable:	Avaya Aura Communication Manager 8.0.1 Avaya Aura Communication Manager 7.1.3.2

Discussion

Avaya Aura Communication Manager CVE-2018-15617 Denial of Service Vulnerability

Avaya Aura Communication Manager is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause a denial-of-service condition.

Avaya Aura Communication Manager version 6.3.x, 7.1.0.0 through 7.1.3.1, and 8.0.0 are vulnerable.

Exploit / POC

Avaya Aura Communication Manager CVE-2018-15617 Denial of Service Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Avaya Aura Communication Manager CVE-2018-15617 Denial of Service Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

Avaya Aura Communication Manager CVE-2018-15617 Denial of Service Vulnerability

References:

Avaya Home Page (Avaya)
Communication Manager Denial of Service vulnerability (CVE-2018-15617) (Avaya)