Vulnerability CVE-2011-5096


Published: 2012-07-03   Modified: 2012-07-04

Description:
Stack-based buffer overflow in cstore.exe in the Media Application Server (MAS) in Avaya Aura Application Server 5300 (formerly Nortel Media Application Server) 1.x before 1.0.2 and 2.0 before Patch Bundle 10 allows remote attackers to execute arbitrary code via a crafted cs_anams parameter in a CONTENT_STORE_ADMIN_REQ packet.

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Avaya -> Aura application server 5300 

 References:
https://downloads.avaya.com/css/P8/documents/100146108
http://zerodayinitiative.com/advisories/ZDI-11-260/

Copyright 2022, cxsecurity.com

 

Back to Top