Avaya Communication Manager存在多个安全漏洞

BUGTRAQ ID: 29939 CNCAN ID：CNCAN-2008062702 Avaya Communication Manager是一款IP语音通信解决方案。 Avaya Communication Manager WEB管理接口存在多个安全问题，远程攻击者可以利用漏洞执行任意代码，提升特权，获得敏感信息等攻击。 -配置数据查看或恢复信任凭证时存在问题可导致提升特权。 -配置本地数据查看和恢复参数时可导致以登录用户进程权限执行系统命令。 -配置存在问题可导致系统信息恢复，包括加密密码信息。 -无需验证从对象文件夹中执行脚本。 -无需验证可执行不需要的默认应用程序。...

Command injection

Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allow remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors aka "shell command injection"...

CVE-2007-1491

Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties...

CVE-2007-1490

Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allow remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors aka "shell command injection"...

CVE-2007-1491

CVE-2007-1491 affects Avaya/S87XX, S8500, and S8300 platforms running Avaya CM prior to 3.1.3, where Apache Tomcat allows external-interface connections via port 8009. This exposure can enable external access from outside networks. The vulnerability is tied to the misconfiguration/exposure of por...

CVE-2007-1490

CVE-2007-1490 affects Avaya equipment (S87XX, S8500, S8300 prior to CM 3.1.3 and Avaya SES). The issue is shell command injection via shell metacharacters in unspecified maintenance web pages/entry points, exploitable by remote authenticated users. Affected component/functionality is unspecified;...