Vulnerability CVE-2008-6573


Published: 2009-04-01   Modified: 2012-02-12

Description:
Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server.

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Avaya -> Communication manager 

 References:
http://support.avaya.com/elmodocs2/security/ASA-2008-150.htm
http://support.avaya.com/elmodocs2/security/ASA-2008-151.htm
http://www.securityfocus.com/bid/28682
http://www.voipshield.com/research-details.php?id=22
http://www.voipshield.com/research-details.php?id=25
http://www.voipshield.com/research-details.php?id=26
https://exchange.xforce.ibmcloud.com/vulnerabilities/41730
https://exchange.xforce.ibmcloud.com/vulnerabilities/41733

Copyright 2024, cxsecurity.com

 

Back to Top