CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile: 99.7%
Added: 10/22/2012
CVE: CVE-2012-3811
BID: 54225
OSVDB: 83399
Avaya IP Office is a unified communications solution for the mobile workforce.
The ImageUpload.ashx script allows unauthenticated users to upload arbitrary script files to the webserver. The script files can then be executed by a web request, leading to arbitrary command execution.
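The upload-then-execute sequence described above leaves a recognizable trail in IIS W3C logs. The following is an added example, not part of the original advisory or any vendor tooling: it flags unauthenticated POSTs to ImageUpload.ashx and any script-type URI first requested by the same client afterwards. The log lines, paths, IP addresses and file names are constructed placeholders, and the `#Fields` selection is an assumption about the server's logging configuration.

```python
# Added example: hunt IIS W3C logs for the upload-then-execute pattern.
SCRIPT_EXTS = (".aspx", ".ashx", ".asmx", ".asp")
UPLOAD_HANDLER = "/imageupload.ashx"  # handler name taken from the advisory

# Constructed sample log; paths, IPs and file names are placeholders.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2012-10-22 09:00:01 GET /app/Login.aspx - 192.0.2.10 200
2012-10-22 09:00:05 GET /app/Login.aspx - 198.51.100.7 200
2012-10-22 09:01:10 POST /app/ImageUpload.ashx - 198.51.100.7 200
2012-10-22 09:01:12 GET /app/uploads/sample1.aspx - 198.51.100.7 200
2012-10-22 09:02:00 POST /app/ImageUpload.ashx alice 192.0.2.10 200
2012-10-22 09:02:03 GET /app/uploads/logo.png alice 192.0.2.10 200
"""

def parse(log_text):
    """Yield one dict per request, keyed by the names in the #Fields line."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):
                yield dict(zip(fields, parts))

def find_upload_then_execute(log_text):
    """Return (unauthenticated uploads, script requests that followed them)."""
    seen_scripts = set()   # script URIs already requested earlier in the log
    uploaders = set()      # client IPs that made an unauthenticated upload
    uploads, hits = [], []
    for r in parse(log_text):
        stem = r["cs-uri-stem"].lower()
        if (r["cs-method"] == "POST" and stem.endswith(UPLOAD_HANDLER)
                and r["cs-username"] == "-" and r["sc-status"].startswith("2")):
            uploads.append(r)
            uploaders.add(r["c-ip"])
        elif stem.endswith(SCRIPT_EXTS):
            # Script URI first seen only after an upload from the same client
            if r["c-ip"] in uploaders and stem not in seen_scripts:
                hits.append(r)
            seen_scripts.add(stem)
    return uploads, hits

if __name__ == "__main__":
    found = find_upload_then_execute(SAMPLE_LOG)
    for kind, rows in zip(("upload", "execute"), found):
        for r in rows:
            print(kind, r["date"], r["time"], r["c-ip"], r["cs-uri-stem"])
```

`cs-username` reflects only IIS-level authentication, so an application that tracks logins in its own session will show `-` for every request; in that case treat every POST to the handler as a lead and rely on the follow-up script request to prioritize.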
Apply one of the fixes referenced in ASA-2012-222.
<http://www.zerodayinitiative.com/advisories/ZDI-12-106/>
The exploit works on Avaya IP Office Customer Call Reporter 8.0.8.15.
Windows