Vulnerability CVE-2012-3811
Published: 2012-07-03   Modified: 2012-07-04

Description:
Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it via a direct request.

See advisories in our WLB2 database:
Topic
Author
Date
High
Avaya IP Office Customer Remote Code Execution Vulnerability
Andrea Micalizzi...
29.06.2012
High
Avaya IP Office Customer Call Reporter Command Execution
juan vazquez
09.10.2012

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Avaya -> Ip office customer call reporter 

 References:
https://downloads.avaya.com/css/P8/documents/100164021
http://zerodayinitiative.com/advisories/ZDI-12-106/
Copyright 2024, cxsecurity.com

 

Back to Top