Lucene search

[email protected]CVE-2008-6706

HistoryApr 10, 2009 - 10:00 p.m.

CVE-2008-6706

2009-04-1022:00:00

[email protected]

web.nvd.nist.gov

cve-2008-6706

avaya

sip enablement services

vulnerabilities

remote attack

sensitive information

nvd

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

7 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

77.7%

JSON

Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts “subscriber table passwords,” (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts “subscriber table passwords.”

Affected configurations

NVD

Node

avayasip_enablement_servicesMatch3.0

avayasip_enablement_servicesMatch3.1

avayasip_enablement_servicesMatch3.1.1

avayasip_enablement_servicesMatch4.0

AND

avayacommunication_managerMatch3.1

avayacommunication_managerMatch3.1.1

avayacommunication_managerMatch3.1.2

avayacommunication_managerMatch3.1.3

avayacommunication_managerMatch3.1.4

avayacommunication_managerMatch3.1.4sp1

avayacommunication_managerMatch3.1.4sp2

avayacommunication_managerMatch3.1.5

avayacommunication_managerMatch3.1.5sp0

CPENameOperatorVersion
avaya:sip_enablement_servicesavaya sip enablement serviceseq3.0
avaya:sip_enablement_servicesavaya sip enablement serviceseq3.1
avaya:sip_enablement_servicesavaya sip enablement serviceseq3.1.1
avaya:sip_enablement_servicesavaya sip enablement serviceseq4.0
avaya:communication_manageravaya communication managereq3.1
avaya:communication_manageravaya communication managereq3.1.1
avaya:communication_manageravaya communication managereq3.1.2
avaya:communication_manageravaya communication managereq3.1.3
avaya:communication_manageravaya communication managereq3.1.4
avaya:communication_manageravaya communication managereq3.1.5

CPE	Name	Operator	Version
avaya:sip_enablement_services	avaya sip enablement services	eq	3.0
avaya:sip_enablement_services	avaya sip enablement services	eq	3.1
avaya:sip_enablement_services	avaya sip enablement services	eq	3.1.1
avaya:sip_enablement_services	avaya sip enablement services	eq	4.0
avaya:communication_manager	avaya communication manager	eq	3.1
avaya:communication_manager	avaya communication manager	eq	3.1.1
avaya:communication_manager	avaya communication manager	eq	3.1.2
avaya:communication_manager	avaya communication manager	eq	3.1.3
avaya:communication_manager	avaya communication manager	eq	3.1.4
avaya:communication_manager	avaya communication manager	eq	3.1.5

References

osvdb.org/46602

secunia.com/advisories/30751

support.avaya.com/elmodocs2/security/ASA-2008-268.htm

www.securityfocus.com/bid/29939

www.voipshield.com/research-details.php?id=81

www.voipshield.com/research-details.php?id=82

www.voipshield.com/research-details.php?id=83

www.voipshield.com/research-details.php?id=84

www.voipshield.com/research-details.php?id=85

www.vupen.com/english/advisories/2008/1943/references

exchange.xforce.ibmcloud.com/vulnerabilities/43382

exchange.xforce.ibmcloud.com/vulnerabilities/43383

exchange.xforce.ibmcloud.com/vulnerabilities/43387

exchange.xforce.ibmcloud.com/vulnerabilities/43388

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

7 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

77.7%

JSON

Related for CVE-2008-6706

nvd1 cvelist1 prion1