Lucene search

[email protected]CVE-2007-1490

HistoryMar 16, 2007 - 10:19 p.m.

CVE-2007-1490

2007-03-1622:19:00

[email protected]

web.nvd.nist.gov

cve-2007-1490

avaya

s87xx

s8500

s8300

cm 3.1.3

shell command injection

remote code execution

7.4 High

AI Score

Confidence

High

6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

57.1%

JSON

Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allow remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors (aka “shell command injection”).

Affected configurations

NVD

Node

avayacommunication_managerRange≤3.1.3

CPENameOperatorVersion
avaya:communication_manageravaya communication managerle3.1.3

CPE	Name	Operator	Version
avaya:communication_manager	avaya communication manager	le	3.1.3

References

secunia.com/advisories/24434

support.avaya.com/elmodocs2/security/ASA-2007-052.htm

www.osvdb.org/33300

7.4 High

AI Score

Confidence

High

6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

57.1%

JSON

Related for CVE-2007-1490

prion1 cvelist1 nvd1