Avaya Communication Manager Multiple Remote Command Execution Vulnerabilities
BID:29938
Info
Avaya Communication Manager Multiple Remote Command Execution Vulnerabilities
| Bugtraq ID: | 29938 |
| Class: | Input Validation Error |
| CVE: |
CVE-2008-3081 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 25 2008 12:00AM |
| Updated: | May 07 2015 05:28PM |
| Credit: | VoIPShield |
| Vulnerable: |
Avaya Messaging Storage Server 4.0 Avaya Messaging Storage Server 3.1 Avaya Communication Manager 3.1 |
| Not Vulnerable: | |
Discussion
Avaya Communication Manager Multiple Remote Command Execution Vulnerabilities
Avaya Communication Manager is prone to 52 remote command-execution vulnerabilities in the administration interface. To exploit these issues, an attacker must have authenticated access to the interface.
Attackers can exploit these issues to execute arbitrary commands with the privileges of 'vexvm' on the underlying system. Successfully exploiting these issues will compromise the affected application and possibly the underlying computer.
Avaya Communication Manager is prone to 52 remote command-execution vulnerabilities in the administration interface. To exploit these issues, an attacker must have authenticated access to the interface.
Attackers can exploit these issues to execute arbitrary commands with the privileges of 'vexvm' on the underlying system. Successfully exploiting these issues will compromise the affected application and possibly the underlying computer.
Exploit / POC
Avaya Communication Manager Multiple Remote Command Execution Vulnerabilities
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Avaya Communication Manager Multiple Remote Command Execution Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Avaya Communication Manager Multiple Remote Command Execution Vulnerabilities
References:
References:
- Avaya Homepage (Avaya Inc.)
- Input Validation Vulnerabilities in Avaya MSS Web Interface (Avaya)
- Message Storage Command Line History Arbitrary Command Execution (Avaya)
- Message Storage Server Alarm Configuration Arbitrary Command Execution (VoIPshield)
- Message Storage Server DNS Lookup Arbitrary Command Execution (VoIPshield)
- Message Storage Server Events Arbitrary Command Execution (VoIPshield)
- Message Storage Server External Hosts Add/Change Configuration Arbitrary Command (VoIPshield)
- Message Storage Server External Hosts Add/Change Configuration Arbitrary Command (VoIPshield)
- Message Storage Server External Hosts Configuration Arbitrary Command Execution (VoIPshield)
- Message Storage Server FTP Remote Storage Arbitrary Command Execution (VoIPshield)
- Message Storage Server Maintenance Arbitrary Command Execution (VoIPshield)
- Message Storage Server Network Configuration Arbitrary Command Execution (VoIPshield)
- Message Storage Server Network Configuration Arbitrary Command Execution (VoIPshield)
- Message Storage Server SFTP Remote Storage Command Execution (VoIPshield)
- Message Storage Server Time Configuration Arbitrary Command Execution (VoIPshield)
- Message Storage Server Windows Domain Configuration Arbitrary Command Execution (VoIPshield)