Avaya Communication Manager Multiple Security Vulnerabilities
BID:29939
Info
Avaya Communication Manager Multiple Security Vulnerabilities
| Bugtraq ID: | 29939 |
| Class: | Unknown |
| CVE: |
CVE-2008-6706 CVE-2008-6707 CVE-2008-6708 CVE-2008-6709 CVE-2008-6710 CVE-2008-6711 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 25 2008 12:00AM |
| Updated: | Apr 23 2009 03:06PM |
| Credit: | VoIPshield |
| Vulnerable: |
Avaya SIP Enablement Services 4.0 Avaya Communication Manager 4.0 Avaya Communication Manager 3.1 Avaya Aura SIP Enablement Services 3.1.1 Avaya Aura SIP Enablement Services 3.1 Avaya Aura SIP Enablement Services 3.0 |
| Not Vulnerable: | |
Discussion
Avaya Communication Manager Multiple Security Vulnerabilities
Avaya Communication Manager is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, elevate privileges, obtain sensitive information, or compromise vulnerable computers.
Avaya Communication Manager is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, elevate privileges, obtain sensitive information, or compromise vulnerable computers.
Exploit / POC
Avaya Communication Manager Multiple Security Vulnerabilities
An attacker will likely use a web browser to exploit these issues.
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
An attacker will likely use a web browser to exploit these issues.
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Avaya Communication Manager Multiple Security Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Avaya Communication Manager Multiple Security Vulnerabilities
References:
References:
- Avaya Homepage (Avaya Inc.)
- Communication Manager System Log Viewer Arbitrary Command Execution (VoIPshield)
- Communication Manager View/Restore Data Credential Privilege Elevation (VoIPshield)
- SIP Enablement Service View/Restore Data Configuration Privilege Elevation (VoIPshield)
- SIP Enablement Service View/Restore Data Credential Privilege Elevation (VoIPshield)
- SIP Enablement Service View/Restore Data Local Configuration Arbitrary Command E (VoIPshield)
- SIP Enablement Service Web Interface Application Server Configuration Disclosure (VoIPshield)
- SIP Enablement Service Web Interface Certificate Utility Disclosure (VoIPshield)
- SIP Enablement Service Web Interface Database Password Decryption Utility Disclo (VoIPshield)
- SIP Enablement Service Web Interface Database Server Configuration Disclosure (VoIPshield)
- SIP Enablement Service Web Interface Default Application Execution (VoIPshield)
- SIP Enablement Service Web Interface Objects Folder Script Execution (VoIPshield)
- SIP Enablement Service Web Interface Password Decryption Utility Disclosure (VoIPshield)
- SIP Enablement Service Web Interface Password Encryption Utility Disclosure (VoIPshield)
- SIP Enablement Service Web Interface Server Configuration Information Applicatio (VoIPshield)
- SIP Enablement Service Web Interface States Folder Script Execution (VoIPshield)
- SIP Enablement Service Web Interface Unrestricted Help Access (VoIPshield)
- ASA-2008-268 Input Validation and Unauthorized Access Vulnerabilities in Avaya S (Avaya)
- ASA-2008-270 Additional Input Validation Vulnerabilities in Avaya Communication (Avaya)