Vulnerability Name:

CVE-2008-6711 (CCN-43391)

Assigned:2008-06-25
Published:2008-06-25
Updated:2017-08-17
Summary:Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated users to execute arbitrary commands via unknown vectors related to "viewing system logs."
CVSS v3 Severity:9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
7.3 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
7.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2008-6711

Source: CCN
Type: SA30799
Avaya Communication Manager Input Validation Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
30799

Source: CONFIRM
Type: Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm

Source: CCN
Type: ASA-2008-270
Additional Input Validation Vulnerabilities in Avaya Communication Manager Web Interface

Source: CCN
Type: Avaya Web site
Telecommunication Systems by Avaya: Business Telecommunications for your Company

Source: OSVDB
Type: UNKNOWN
46581

Source: CCN
Type: OSVDB ID: 46581
Avaya Communication Manager Web Interface System Log Viewing Unspecified Arbitrary Code Execution

Source: BID
Type: UNKNOWN
29939

Source: CCN
Type: BID-29939
Avaya Communication Manager Multiple Security Vulnerabilities

Source: CCN
Type: VoIP Security Advisory, 2008-06-25
Communication Manager System Log Viewer Arbitrary Command Execution

Source: MISC
Type: UNKNOWN
http://www.voipshield.com/research-details.php?id=80

Source: VUPEN
Type: UNKNOWN
ADV-2008-1944

Source: XF
Type: UNKNOWN
avaya-cm-log-command-execution(43391)

Source: XF
Type: UNKNOWN
avaya-cm-log-command-execution(43391)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:avaya:communication_manager:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:4.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:4.0.1:sp15215:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:4.0.1:sp15500:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:4.0.3:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:avaya:communication_manager:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:4.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:4.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:4.0.1:sp15215:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:4.0.1:sp15500:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    avaya communication manager 3.1
    avaya communication manager 3.1.1
    avaya communication manager 3.1.2
    avaya communication manager 3.1.3
    avaya communication manager 3.1.4
    avaya communication manager 3.1.4 sp1
    avaya communication manager 4.0
    avaya communication manager 4.0.1
    avaya communication manager 4.0.1 sp15215
    avaya communication manager 4.0.1 sp15500
    avaya communication manager 4.0.3
    avaya communication manager 3.1
    avaya communication manager 4.0.3
    avaya communication manager 3.1.4
    avaya communication manager 4.0
    avaya communication manager 3.1.3
    avaya communication manager 3.1.1
    avaya communication manager 3.1.2
    avaya communication manager 4.0.1
    avaya communication manager 3.1.4 sp1
    avaya communication manager 4.0.1 sp15215
    avaya communication manager 4.0.1 sp15500