| Vulnerability Name: | CVE-2008-5709 (CCN-45747) | ||||||||
| Assigned: | 2008-10-08 | ||||||||
| Published: | 2008-10-08 | ||||||||
| Updated: | 2017-08-08 | ||||||||
| Summary: | Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components. | ||||||||
| CVSS v3 Severity: | 5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C) 6.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
4.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-noinfo CWE-20 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2008-5709 Source: CCN Type: SA32204 Avaya Communication Manager Arbitrary Command Execution Vulnerabilities Source: SECUNIA Type: Vendor Advisory 32204 Source: CONFIRM Type: Vendor Advisory http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm Source: CCN Type: ASA-2008-391 Input Validation Vulnerabilities in Avaya Communication Manager Web Interface Source: CCN Type: Avaya Web site Communication Manager Source: BID Type: UNKNOWN 31645 Source: CCN Type: BID-31645 Avaya Communication Manager Web Administration Multiple Security Vulnerabilities Source: MISC Type: UNKNOWN http://www.voipshield.com/research-details.php?id=121 Source: CCN Type: VoIP Security Advisory, 2008-10-08 Avaya Communication Manager Web Administration Interface - Code Execution Vulnerability Source: MISC Type: UNKNOWN http://www.voipshield.com/research-details.php?id=122 Source: VUPEN Type: UNKNOWN ADV-2008-2772 Source: XF Type: UNKNOWN avaya-cm-backuphistory-cmd-execution(45747) Source: XF Type: UNKNOWN avaya-cm-backuphistory-cmd-execution(45747) Source: XF Type: UNKNOWN avaya-cm-setstatic-command-execution(45749) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Vulnerability Name: | CVE-2008-5709 (CCN-45749) | ||||||||
| Assigned: | 2008-10-08 | ||||||||
| Published: | 2008-10-08 | ||||||||
| Updated: | 2017-08-08 | ||||||||
| Summary: | Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components. | ||||||||
| CVSS v3 Severity: | 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C) 6.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-20 CWE-noinfo | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2008-5709 Source: CCN Type: SA32204 Avaya Communication Manager Arbitrary Command Execution Vulnerabilities Source: CCN Type: ASA-2008-391 Input Validation Vulnerabilities in Avaya Communication Manager Web Interface Source: CCN Type: Avaya Web site Communication Manager Source: CCN Type: BID-31645 Avaya Communication Manager Web Administration Multiple Security Vulnerabilities Source: CCN Type: VoIP Security Advisory, 2008-10-08 Avaya Communication Manager Web Administration Interface - Privilege Elevation Vulnerability Source: XF Type: UNKNOWN avaya-cm-setstatic-command-execution(45749) | ||||||||
| BACK | |||||||||