Vulnerability CVE-2008-5710 - CERT Civis.Net

Vulnerability Name:

CVE-2008-5710 (CCN-45750)

Assigned:

2008-10-08

Published:

2008-10-08

Updated:

2017-08-08

Summary:

Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1.x, 4.0.3, and 5.x allow remote attackers to read (1) configuration files, (2) log files, (3) binary image files, and (4) help files via unknown vectors.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2008-5710

Source: CCN
Type: SA32035
Avaya Communication Manager Information Disclosure Vulnerability

Source: SECUNIA
Type: Vendor Advisory
32035

Source: CONFIRM
Type: Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2008-394.htm

Source: CCN
Type: ASA-2008-394
Unauthenticated file access via CM web server

Source: CCN
Type: Avaya Web site
Communication Manager

Source: CCN
Type: OSVDB ID: 48931
Avaya Communication Manager Unspecified Remote Information Disclosure

Source: BID
Type: UNKNOWN
31639

Source: CCN
Type: BID-31639
Avaya Communication Manager Web Server Configuration Unauthorized Access Vulnerability

Source: CCN
Type: VoIP Security Advisory, 2008-10-08
Avaya Communication Manager Unauthorized Web Access

Source: MISC
Type: UNKNOWN
http://www.voipshield.com/research-details.php?id=123

Source: VUPEN
Type: UNKNOWN
ADV-2008-2774

Source: XF
Type: UNKNOWN
avaya-cm-configuration-info-disclosure(45750)

Source: XF
Type: UNKNOWN
avaya-cm-configuration-info-disclosure(45750)

Vulnerable Configuration:

Configuration 1:

cpe:/a:avaya:communication_manager:3.1:*:*:*:*:*:*:*

OR cpe:/a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*

OR cpe:/a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*

OR cpe:/a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*

OR cpe:/a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*

OR cpe:/a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*

OR cpe:/a:avaya:communication_manager:3.1.4:sp2:*:*:*:*:*:*

OR cpe:/a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:*

OR cpe:/a:avaya:communication_manager:3.1.5:sp0:*:*:*:*:*:*

OR cpe:/a:avaya:communication_manager:4.0.3:*:*:*:*:*:*:*

OR cpe:/a:avaya:communication_manager:5.0:*:*:*:*:*:*:*

OR cpe:/a:avaya:communication_manager:5.0:sp1:*:*:*:*:*:*

OR cpe:/a:avaya:communication_manager:5.0:sp2:*:*:*:*:*:*

OR cpe:/a:avaya:communication_manager:5.0:sp3:*:*:*:*:*:*

OR cpe:/a:avaya:communication_manager:5.1:*:*:*:*:*:*:*

OR cpe:/a:avaya:communication_manager:5.1:sp1:*:*:*:*:*:*

OR cpe:/a:avaya:communication_manager:5.1.1:*:*:*:*:*:*:*

OR cpe:/a:avaya:communication_manager:5.1.1:sp1:*:*:*:*:*:*

OR cpe:/a:avaya:communication_manager:5.1.2:*:*:*:*:*:*:*

OR cpe:/a:avaya:communication_manager:5.1.2:sp0:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:avaya:communication_manager:3.1:*:*:*:*:*:*:*

OR cpe:/a:avaya:communication_manager:4.0.3:*:*:*:*:*:*:*

OR cpe:/a:avaya:communication_manager:5.0:*:*:*:*:*:*:*

Denotes that component is vulnerable