Remote Management Interface Vulnerability in Avaya SIP Enablement Services
CVE-2008-3778

Currently unrated

Key Information:

Vendor: Avaya
Status: Sip Enablement Services
Vendor: CVE Published:; 25 August 2008

Summary

The remote management interface of Avaya's SIP Enablement Services Server allows for security bypass during core router updates. Even with invalid login credentials, the system proceeds with updates, which can lead to a denial of service, causing messaging outages. Additionally, this vulnerability opens the door for remote attackers to exploit the system and potentially gain elevated privileges through malicious update requests.

References

http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/44585

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/30758

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Aug 25, 2008
Vulnerability Reserved
Aug 25, 2008