Remote Privilege Escalation in Avaya SIP Enablement Services Web Management Interface
CVE-2008-6708

Currently unrated

Key Information:

Vendor: Avaya
Status: Communication Manager; Sip Enablement Services
Vendor: CVE Published:; 10 April 2009

Summary

A security flaw exists in the web management interface of Avaya SIP Enablement Services 3.x and 4.0. This vulnerability enables remote authenticated administrators to potentially gain root privileges through multiple undetermined means associated with the configuration of data viewing or restoring parameters. This could allow for unauthorized access to critical system functions, emphasizing the need for immediate attention to security configurations.

References

http://www.vupen.com/english/advisories/2008/1943/references

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/30751

third-party-advisoryx_refsource_SECUNIA

http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm

x_refsource_CONFIRM

Timeline

Vulnerability published
Apr 10, 2009
Vulnerability Reserved
Apr 10, 2009