Lucene search

[email protected]CVE-2008-3778

HistoryAug 25, 2008 - 9:41 p.m.

CVE-2008-3778

2008-08-2521:41:00

CWE-264

[email protected]

web.nvd.nist.gov

avaya

sip enablement services

ses server

cve-2008-3778

denial of service

privilege escalation

remote management interface

7.7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.3%

JSON

The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service (messaging outage) or gain privileges via an update request.

CPENameOperatorVersion
avaya:sip_enablement_servicesavaya sip enablement serviceseq5.0
avaya:communication_manageravaya communication managereq5.0

CPE	Name	Operator	Version
avaya:sip_enablement_services	avaya sip enablement services	eq	5.0
avaya:communication_manager	avaya communication manager	eq	5.0

References

support.avaya.com/elmodocs2/security/ASA-2008-347.htm

www.securityfocus.com/bid/30758

exchange.xforce.ibmcloud.com/vulnerabilities/44585

7.7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.3%

JSON

Related for CVE-2008-3778

cvelist1 prion1