Shell Command Injection in Avaya Communication Manager Products
CVE-2007-1490

Currently unrated

Key Information:

Vendor: Avaya
Status: Communication Manager
Vendor: CVE Published:; 16 March 2007

Summary

A vulnerability exists in Avaya S87XX, S8500, and S8300 products prior to version CM 3.1.3, as well as in Avaya SES, which allows remote authenticated users to execute arbitrary commands. This can be achieved through specially crafted shell metacharacters that manipulate the command execution process. Such exploitation could lead to unauthorized command execution, posing significant security risks for affected organizations. It is recommended to update to the latest version to mitigate this vulnerability.

References

http://secunia.com/advisories/24434

third-party-advisoryx_refsource_SECUNIA

http://www.osvdb.org/33300

vdb-entryx_refsource_OSVDB

http://support.avaya.com/elmodocs2/security/ASA-2007-052.htm

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 16, 2007
Vulnerability Reserved
Mar 16, 2007