CVE-2012-3811

{"id": "CVE-2012-3811", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-07-03T19:55:04.663", "references": [{"url": "http://zerodayinitiative.com/advisories/ZDI-12-106/", "source": "cve@mitre.org"}, {"url": "https://downloads.avaya.com/css/P8/documents/100164021", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://zerodayinitiative.com/advisories/ZDI-12-106/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://downloads.avaya.com/css/P8/documents/100164021", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it via a direct request."}, {"lang": "es", "value": "Vulnerabilidad de subida de fichero no restringido en ImageUpload.ashx en la aplicaci\u00f3n Wallboard en Avaya IP Office Customer Call Reporter v7.0 anteriores a v7.0.5.8 Q1 2012 Maintenance Release y v8.0 anteriores a v8.0.9.13 Q1 2012 Maintenance Release, permite a atacantes remotos ejecutar c\u00f3digo subiendo un fichero ejecutable y accediendo a \u00e9l a trav\u00e9s de una petici\u00f3n directa."}], "lastModified": "2024-11-21T01:41:40.060", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:avaya:ip_office_customer_call_reporter:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D595B22-63D4-4285-AD5C-7A3F8F22457B"}, {"criteria": "cpe:2.3:a:avaya:ip_office_customer_call_reporter:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF2A34F3-AF83-4217-9D0C-5883CD5486A8"}], "operator": "OR"}]}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/434.html\r\n\r\n'CWE-434: Unrestricted Upload of File with Dangerous Type'", "sourceIdentifier": "cve@mitre.org"}