Lucene search

[email protected]CVE-2008-6797

HistoryOct 03, 2022 - 4:13 p.m.

CVE-2008-6797

2022-10-0316:13:48

CWE-310

[email protected]

web.nvd.nist.gov

mitel

nupoint messenger

r11

server

cleartext

sensitive information

network sniffing

vulnerability

cve-2008-6797

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

48.8%

JSON

The server in Mitel NuPoint Messenger R11 and R3 sends usernames and passwords in cleartext to Exchange servers, which allows remote attackers to obtain sensitive information by sniffing the network.

Affected configurations

NVD

Node

mitelmitel_nupoint_messengerMatchr3

mitelmitel_nupoint_messengerMatchr11

CPENameOperatorVersion
mitel:mitel_nupoint_messengermitel mitel nupoint messengereqr3
mitel:mitel_nupoint_messengermitel mitel nupoint messengereqr11

CPE	Name	Operator	Version
mitel:mitel_nupoint_messenger	mitel mitel nupoint messenger	eq	r3
mitel:mitel_nupoint_messenger	mitel mitel nupoint messenger	eq	r11

References

www.kb.cert.org/vuls/id/576996

www.mitel.com/resources/NuPoint_and_Exchange.pdf

www.securityfocus.com/bid/34847

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

48.8%

JSON

Related for CVE-2008-6797

prion1 cvelist1 nvd1