CVE-2008-6709

Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of "local data viewing or restoring parameters."

CVSS v2.0 9.0 HIGH

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/30751
http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm	Vendor Advisory
http://www.osvdb.org/46603
http://www.securityfocus.com/bid/29939
http://www.voipshield.com/research-details.php?id=78
http://www.vupen.com/english/advisories/2008/1943/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/43380

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:avaya:sip_enablement_services:3.0:::::::*
	cpe:2.3:a:avaya:sip_enablement_services:3.1:::::::*
	cpe:2.3:a:avaya:sip_enablement_services:3.1.1:::::::*
	cpe:2.3:a:avaya:sip_enablement_services:4.0:::::::*

OR	cpe:2.3:a:avaya:communication_manager:3.1:::::::*
	cpe:2.3:a:avaya:communication_manager:3.1.1:::::::*
	cpe:2.3:a:avaya:communication_manager:3.1.2:::::::*
	cpe:2.3:a:avaya:communication_manager:3.1.3:::::::*
	cpe:2.3:a:avaya:communication_manager:3.1.4:::::::*
	cpe:2.3:a:avaya:communication_manager:3.1.4:sp1::::::
	cpe:2.3:a:avaya:communication_manager:3.1.4:sp2::::::
	cpe:2.3:a:avaya:communication_manager:3.1.5:::::::*
	cpe:2.3:a:avaya:communication_manager:3.1.5:sp0::::::

History

No history.

Information

Published : 2009-04-10 22:00

Updated : 2024-02-28 11:21

NVD link : CVE-2008-6709

Mitre link : CVE-2008-6709

CVE.ORG link : CVE-2008-6709

JSON object : View

Products Affected

avaya

sip_enablement_services
communication_manager

CWE

NVD-CWE-noinfo

{"id": "CVE-2008-6709", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-04-10T22:00:00.703", "references": [{"url": "http://secunia.com/advisories/30751", "source": "cve@mitre.org"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/46603", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/29939", "source": "cve@mitre.org"}, {"url": "http://www.voipshield.com/research-details.php?id=78", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/1943/references", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43380", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of \"local data viewing or restoring parameters.\""}, {"lang": "es", "value": "Vulnerabilidad no especificada en el interfase de administraci\u00f3n web de Avaya SIP Enablement Services (SES)v3.x y v4.0, como las usadas en Avaya Communication Manager v3.1.x, permite a usuarios remotos autentificados, ejecutar comandos de su elecci\u00f3n a trav\u00e9s de vectores no espec\u00edficos, relativos a la configuraci\u00f3n de \"viendo datos locales o restaurando par\u00e1metros\"."}], "lastModified": "2017-08-17T01:29:30.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:avaya:sip_enablement_services:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8D4881F-650A-4FA1-B604-70EBBED41AE7"}, {"criteria": "cpe:2.3:a:avaya:sip_enablement_services:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9EB9ECB-9ABF-40ED-9116-D3FE9FC73B38"}, {"criteria": "cpe:2.3:a:avaya:sip_enablement_services:3.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43F41650-7E55-436A-9935-8CE88B428680"}, {"criteria": "cpe:2.3:a:avaya:sip_enablement_services:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BFF25B3-B7C7-479C-8C2A-995E568C3395"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88F5C363-3A38-43FC-A06D-73E280AB844B"}, {"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4030E5D-BC15-481D-A15E-98FAE65130D9"}, {"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28"}, {"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBD119B9-FE11-4165-943D-119E906DC013"}, {"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89F99C5C-C184-4A5C-B8BA-F558C4A38730"}, {"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1EAA2BC9-4794-4441-8AA8-3C1B7297FD06"}, {"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "423E4EEB-3D6F-449E-B623-C8D051E8FA3B"}, {"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87089C0E-2241-46A7-93EE-EC41D52A89C6"}, {"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.5:sp0:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BD89D61-0B42-4DDE-99F1-71570A37A136"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}