| Vulnerability Name: | CVE-2008-6706 (CCN-43382) | ||||||||
| Assigned: | 2008-06-25 | ||||||||
| Published: | 2008-06-25 | ||||||||
| Updated: | 2017-08-17 | ||||||||
| Summary: | Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts "subscriber table passwords," (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts "subscriber table passwords." | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N) 6.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N/E:U/RL:U/RC:UR)
4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:UR)
| ||||||||
| Vulnerability Type: | CWE-noinfo | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2008-6706 Source: OSVDB Type: UNKNOWN 46602 Source: CCN Type: SA30751 Avaya SIP Enablement Services Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 30751 Source: CONFIRM Type: Vendor Advisory http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm Source: CCN Type: ASA-2008-268 Additional Input Validation Vulnerabilities in Avaya SES SIP Server Source: CCN Type: Avaya Web site Telecommunication Systems by Avaya: Business Telecommunications for your Company Source: CCN Type: OSVDB ID: 46602 Avaya SIP Enablement Services (SES) Web Admin Interface Server Configuration Information Disclosure Source: BID Type: UNKNOWN 29939 Source: CCN Type: BID-29939 Avaya Communication Manager Multiple Security Vulnerabilities Source: MISC Type: UNKNOWN http://www.voipshield.com/research-details.php?id=81 Source: MISC Type: UNKNOWN http://www.voipshield.com/research-details.php?id=82 Source: CCN Type: VoIP Security Advisory, 2008-06-25 SIP Enablement Service Web Interface Password Decryption Utility Disclosure Source: MISC Type: UNKNOWN http://www.voipshield.com/research-details.php?id=83 Source: MISC Type: UNKNOWN http://www.voipshield.com/research-details.php?id=84 Source: MISC Type: UNKNOWN http://www.voipshield.com/research-details.php?id=85 Source: VUPEN Type: UNKNOWN ADV-2008-1943 Source: XF Type: UNKNOWN avaya-ses-tablepasswords-info-disclosure(43382) Source: XF Type: UNKNOWN avaya-ses-tablepasswords-info-disclosure(43382) Source: XF Type: UNKNOWN avaya-ses-passwordencryption-info-disclosure(43383) Source: XF Type: UNKNOWN avaya-ses-databasepassword-info-disclosure(43387) Source: XF Type: UNKNOWN avaya-ses-databaseserver-info-disclosure(43388) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||