Authentication Flaw in Avaya SIP Enablement Services Web Interface
CVE-2008-6707

Currently unrated

Key Information:

Vendor: Avaya
Status: Sip Enablement Services; Communication Manager
Vendor: CVE Published:; 10 April 2009

Summary

The web management interface of Avaya SIP Enablement Services versions 3.x and 4.0 lacks proper authentication for certain functionalities. This vulnerability allows remote attackers to gain unauthorized access to sensitive information and restricted capabilities. Attackers can exploit various entry points, including the certificate installation utility and default applications, to compromise server configuration data and other critical information.

References

http://www.vupen.com/english/advisories/2008/1943/references

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/30751

third-party-advisoryx_refsource_SECUNIA

http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm

x_refsource_CONFIRM

Timeline

Vulnerability published
Apr 10, 2009
Vulnerability Reserved
Apr 10, 2009