Lucene search

[email protected]CVE-2008-6707

HistoryApr 10, 2009 - 10:00 p.m.

CVE-2008-6707

2009-04-1022:00:00

CWE-287

[email protected]

web.nvd.nist.gov

avaya

sip

enablement

services

ses

web management

interface

authentication bypass

remote

attackers

sensitive information

restricted functionality

nvd

cve-2008-6707

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.8 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

77.7%

JSON

The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an “unnecessary default application,” (4) unspecified scripts in the states folder, (5) an unspecified “default application” that lists server configuration, and (6) “full system help.”

Affected configurations

NVD

Node

avayasip_enablement_servicesMatch3.0

avayasip_enablement_servicesMatch3.1

avayasip_enablement_servicesMatch3.1.1

avayasip_enablement_servicesMatch4.0

AND

avayacommunication_managerMatch3.1

avayacommunication_managerMatch3.1.1

avayacommunication_managerMatch3.1.2

avayacommunication_managerMatch3.1.3

avayacommunication_managerMatch3.1.4

avayacommunication_managerMatch3.1.4sp1

avayacommunication_managerMatch3.1.4sp2

avayacommunication_managerMatch3.1.5

avayacommunication_managerMatch3.1.5sp0

CPENameOperatorVersion
avaya:sip_enablement_servicesavaya sip enablement serviceseq3.0
avaya:sip_enablement_servicesavaya sip enablement serviceseq3.1
avaya:sip_enablement_servicesavaya sip enablement serviceseq3.1.1
avaya:sip_enablement_servicesavaya sip enablement serviceseq4.0
avaya:communication_manageravaya communication managereq3.1
avaya:communication_manageravaya communication managereq3.1.1
avaya:communication_manageravaya communication managereq3.1.2
avaya:communication_manageravaya communication managereq3.1.3
avaya:communication_manageravaya communication managereq3.1.4
avaya:communication_manageravaya communication managereq3.1.5

CPE	Name	Operator	Version
avaya:sip_enablement_services	avaya sip enablement services	eq	3.0
avaya:sip_enablement_services	avaya sip enablement services	eq	3.1
avaya:sip_enablement_services	avaya sip enablement services	eq	3.1.1
avaya:sip_enablement_services	avaya sip enablement services	eq	4.0
avaya:communication_manager	avaya communication manager	eq	3.1
avaya:communication_manager	avaya communication manager	eq	3.1.1
avaya:communication_manager	avaya communication manager	eq	3.1.2
avaya:communication_manager	avaya communication manager	eq	3.1.3
avaya:communication_manager	avaya communication manager	eq	3.1.4
avaya:communication_manager	avaya communication manager	eq	3.1.5

References

osvdb.org/46598

osvdb.org/46599

osvdb.org/46600

secunia.com/advisories/30751

support.avaya.com/elmodocs2/security/ASA-2008-268.htm

www.securityfocus.com/bid/29939

www.voipshield.com/research-details.php?id=86

www.voipshield.com/research-details.php?id=87

www.voipshield.com/research-details.php?id=88

www.voipshield.com/research-details.php?id=89

www.voipshield.com/research-details.php?id=90

www.voipshield.com/research-details.php?id=91

www.vupen.com/english/advisories/2008/1943/references

exchange.xforce.ibmcloud.com/vulnerabilities/43381

exchange.xforce.ibmcloud.com/vulnerabilities/43384

exchange.xforce.ibmcloud.com/vulnerabilities/43389

exchange.xforce.ibmcloud.com/vulnerabilities/43393

exchange.xforce.ibmcloud.com/vulnerabilities/43394

exchange.xforce.ibmcloud.com/vulnerabilities/43395

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.8 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

77.7%

JSON

Related for CVE-2008-6707

cvelist1 nvd1 prion1