Multiple Vulnerabilities in Avaya SIP Enablement Services Web Management Interface
CVE-2008-6706

Currently unrated

Key Information:

Vendor: Avaya
Status: Sip Enablement Services; Communication Manager
Vendor: CVE Published:; 10 April 2009

What is CVE-2008-6706?

The Web management interface of Avaya SIP Enablement Services (SES) versions 3.x and 4.0 contains multiple unspecified vulnerabilities that can be exploited by remote attackers. These vulnerabilities may allow unauthorized users to access sensitive server configurations, including application server settings and encrypted database passwords. Attackers could potentially leverage system utilities that allow decryption of 'subscriber table passwords' and compromise critical security features, exposing systems to increased risk.

References

http://www.vupen.com/english/advisories/2008/1943/references

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/30751

third-party-advisoryx_refsource_SECUNIA

http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 10, 2009
Vulnerability Reserved
Apr 10, 2009