CVE-2008-6711

Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated users to execute arbitrary commands via unknown vectors related to "viewing system logs."

CVSS v2.0 9.0 HIGH

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/30799
http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm	Vendor Advisory
http://www.osvdb.org/46581
http://www.securityfocus.com/bid/29939
http://www.voipshield.com/research-details.php?id=80
http://www.vupen.com/english/advisories/2008/1944/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/43391

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:avaya:communication_manager:3.1:::::::*
	cpe:2.3:a:avaya:communication_manager:3.1.1:::::::*
	cpe:2.3:a:avaya:communication_manager:3.1.2:::::::*
	cpe:2.3:a:avaya:communication_manager:3.1.3:::::::*
	cpe:2.3:a:avaya:communication_manager:3.1.4:::::::*
	cpe:2.3:a:avaya:communication_manager:3.1.4:sp1::::::
	cpe:2.3:a:avaya:communication_manager:4.0:::::::*
	cpe:2.3:a:avaya:communication_manager:4.0.1:::::::*
	cpe:2.3:a:avaya:communication_manager:4.0.1:sp15215::::::
	cpe:2.3:a:avaya:communication_manager:4.0.1:sp15500::::::
	cpe:2.3:a:avaya:communication_manager:4.0.3:::::::*

History

No history.

Information

Published : 2009-04-10 22:00

Updated : 2023-12-10 10:51

NVD link : CVE-2008-6711

Mitre link : CVE-2008-6711

CVE.ORG link : CVE-2008-6711

JSON object : View

Products Affected

avaya

communication_manager

CWE

NVD-CWE-noinfo

{"id": "CVE-2008-6711", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-04-10T22:00:00.750", "references": [{"url": "http://secunia.com/advisories/30799", "source": "cve@mitre.org"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/46581", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/29939", "source": "cve@mitre.org"}, {"url": "http://www.voipshield.com/research-details.php?id=80", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/1944/references", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43391", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated users to execute arbitrary commands via unknown vectors related to \"viewing system logs.\""}, {"lang": "es", "value": "Vulnerabilidad no especificada en el interfase de administraci\u00f3n Web en Avaya Communication Manager v3.1.x anteriores a CM v3.1.4 SP2 y v4.0.x anteriores v4.0.3 SP1 permiten a usuarios remotos autentificados, ejecutar comandos de su elecci\u00f3n a trav\u00e9s de vectores desconocidos, relativo a \"viendo registros de sistema\"."}], "lastModified": "2017-08-17T01:29:30.597", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88F5C363-3A38-43FC-A06D-73E280AB844B"}, {"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4030E5D-BC15-481D-A15E-98FAE65130D9"}, {"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28"}, {"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBD119B9-FE11-4165-943D-119E906DC013"}, {"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89F99C5C-C184-4A5C-B8BA-F558C4A38730"}, {"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1EAA2BC9-4794-4441-8AA8-3C1B7297FD06"}, {"criteria": "cpe:2.3:a:avaya:communication_manager:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F0B0D66-9900-4B9A-A892-31B8607DA852"}, {"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5DE700B-B830-445B-AF08-4AD28EF1BE58"}, {"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15215:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "522FD345-91ED-4FE2-8069-028C3A2E3974"}, {"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15500:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3507CABD-74EE-4A53-9C09-AF38B3F218F0"}, {"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "825C1D4E-CD86-4122-84D7-CF1CB4CF8F10"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}