CVE-2008-5709

Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components.

CVSS v2.0 9.0 HIGH

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/32204	Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm	Vendor Advisory
http://www.securityfocus.com/bid/31645
http://www.voipshield.com/research-details.php?id=121
http://www.voipshield.com/research-details.php?id=122
http://www.vupen.com/english/advisories/2008/2772
https://exchange.xforce.ibmcloud.com/vulnerabilities/45747
https://exchange.xforce.ibmcloud.com/vulnerabilities/45749

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:avaya:communication_manager:3.1.1:::::::*
	cpe:2.3:a:avaya:communication_manager:3.1.2:::::::*
	cpe:2.3:a:avaya:communication_manager:3.1.3:::::::*
	cpe:2.3:a:avaya:communication_manager:3.1.4:sp1::::::
	cpe:2.3:a:avaya:communication_manager:4.0:::::::*
	cpe:2.3:a:avaya:communication_manager:4.0.1:::::::*
	cpe:2.3:a:avaya:communication_manager:4.0.1:sp15215::::::
	cpe:2.3:a:avaya:communication_manager:4.0.1:sp15500::::::
	cpe:2.3:a:avaya:communication_manager:4.0.3:::::::*
	cpe:2.3:a:avaya:communication_manager:5.0:::::::*
	cpe:2.3:a:avaya:communication_manager:5.0:sp1::::::
	cpe:2.3:a:avaya:communication_manager:5.0:sp2::::::

History

No history.

Information

Published : 2008-12-24 18:29

Updated : 2024-02-04 17:33

NVD link : CVE-2008-5709

Mitre link : CVE-2008-5709

CVE.ORG link : CVE-2008-5709

JSON object : View

Products Affected

avaya

communication_manager

CWE

CWE-20

Improper Input Validation

NVD-CWE-noinfo

{"id": "CVE-2008-5709", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-12-24T18:29:15.780", "references": [{"url": "http://secunia.com/advisories/32204", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/31645", "source": "cve@mitre.org"}, {"url": "http://www.voipshield.com/research-details.php?id=121", "source": "cve@mitre.org"}, {"url": "http://www.voipshield.com/research-details.php?id=122", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/2772", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45747", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45749", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades sin especificar en la interfaz de gesti\u00f3n web en Avaya Communication Manager (CM) 3.1 antes de 3.1.4 SP2, 4.0 antes de 4.0.3 SP1 y 5.0 antes de 5.0 SP3 permite a usuarios remotamente autentificados ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores de ataque desconocidos en los componentes (1) Set Static Routes y (2) Backup History."}], "lastModified": "2017-08-08T01:33:29.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4030E5D-BC15-481D-A15E-98FAE65130D9"}, {"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28"}, {"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBD119B9-FE11-4165-943D-119E906DC013"}, {"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1EAA2BC9-4794-4441-8AA8-3C1B7297FD06"}, {"criteria": "cpe:2.3:a:avaya:communication_manager:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F0B0D66-9900-4B9A-A892-31B8607DA852"}, {"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5DE700B-B830-445B-AF08-4AD28EF1BE58"}, {"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15215:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "522FD345-91ED-4FE2-8069-028C3A2E3974"}, {"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15500:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3507CABD-74EE-4A53-9C09-AF38B3F218F0"}, {"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "825C1D4E-CD86-4122-84D7-CF1CB4CF8F10"}, {"criteria": "cpe:2.3:a:avaya:communication_manager:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84E2136B-6FE3-4548-A89D-444ED9393C22"}, {"criteria": "cpe:2.3:a:avaya:communication_manager:5.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB4B7CCA-3961-48BC-ABFD-A608B39BD921"}, {"criteria": "cpe:2.3:a:avaya:communication_manager:5.0:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9DD5F5B-5F44-422C-B9D9-731B53981BEB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}