Vulnerability Name: CCN-43385
Published: 2008-06-25
Updated: 2008-06-25
Summary: Avaya SIP Enablement Service (SES) could allow a remote attacker to execute arbitrary code on the system, caused by an error in the Web administration interface related to viewing and restoring data credentials. By configuring data or restoring credentials on the administration interface, a remote authenticated attacker could exploit this vulnerability to execute arbitrary code on the underlying operating system with root privileges.
CVSS v3 Severity: 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
CVSS v2 Severity: 9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
7.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:U/RC:UR)
Vulnerability Consequences: Gain Privileges
References:
Source: CCN; Type: ASA-2008-268; Additional Input Validation Vulnerabilities in Avaya SES SIP Server
Source: CCN; Type: Avaya Web site; Telecommunication Systems by Avaya: Business Telecommunications for your Company
Source: CCN; Type: BID-29939; Avaya Communication Manager Multiple Security Vulnerabilities
Source: CCN; Type: VoIP Security Advisory, 2008-06-25; SIP Enablement Service View/Restore Data Credential Privilege Elevation
Source: XF; Type: UNKNOWN; avaya-ses-interface-code-execution(43385)
Vulnerable Configuration: Configuration CCN 1: Denotes that component is vulnerable