Avaya Identity Engines Ignition Server Remote Code Execution Vulnerability

2011-10-18T00:00:00
ID ZDI-11-293
Type zdi
Reporter AbdulAziz Hariri of ThirdEyeTesters
Modified 2011-11-09T00:00:00

Description

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Nortel/Avaya Identity Engines Ignition Server. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the AdminAccountManager process, which listens for GIOP requests over TCP ports 23456 and 23457 (SSL). The AdminAccountManager responds to remote requests for administrative functions without authentication. It is possible for a remote attacker to invoke the setAccountPassword operation for the default administrator account, effectively usurping administrator access. From there, it is trivial to execute arbitrary code remotely.