Vulnerability CVE-2008-6707


Published: 2009-04-10   Modified: 2012-02-12

Description:
The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an "unnecessary default application," (4) unspecified scripts in the states folder, (5) an unspecified "default application" that lists server configuration, and (6) "full system help."

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:N)

Overall CVSS score: 6.4/10
Impact: 4.9/10
Exploitability: 10/10
Access required: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: None
Affected software
Avaya -> Communication Manager
Avaya -> SIP Enablement Services

References:
http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm
http://www.securityfocus.com/bid/29939
http://www.voipshield.com/research-details.php?id=86
http://www.voipshield.com/research-details.php?id=87
http://www.voipshield.com/research-details.php?id=88
http://www.voipshield.com/research-details.php?id=89
http://www.voipshield.com/research-details.php?id=90
http://www.voipshield.com/research-details.php?id=91
http://www.vupen.com/english/advisories/2008/1943/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/43381
https://exchange.xforce.ibmcloud.com/vulnerabilities/43384
https://exchange.xforce.ibmcloud.com/vulnerabilities/43389
https://exchange.xforce.ibmcloud.com/vulnerabilities/43393
https://exchange.xforce.ibmcloud.com/vulnerabilities/43394
https://exchange.xforce.ibmcloud.com/vulnerabilities/43395

Copyright 2024, cxsecurity.com

 
