Input Validation Vulnerabilities in Avaya Messaging Administration Interface
CVE-2008-3081

Currently unrated

Key Information:

Vendor: Avaya
Status: Messaging Storage Server
Vendor: CVE Published:; 9 July 2008

Summary

The Avaya Message Storage Server features multiple unspecified input validation vulnerabilities within its Web management and Messaging Administration interface. These flaws permit remote authenticated administrators to execute arbitrary commands as the user vexvm. Attack vectors associated with the vulnerabilities include configurations for SFTP Remote Store and FTP storage settings, name server lookups, networking parameters, and several operational forms related to external host management, alarm settings, and system time configurations. Exploiting these vulnerabilities may allow unauthorized command execution, posing significant security risks to affected systems.

References

http://www.securityfocus.com/bid/29938

vdb-entryx_refsource_BID

http://www.voipshield.com/research-details.php?id=92

x_refsource_MISC

http://www.voipshield.com/research-details.php?id=104

x_refsource_MISC

Timeline

Vulnerability published
Jul 9, 2008
Vulnerability Reserved
Jul 8, 2008