Remote Command Execution in Avaya SIP Enablement Services
CVE-2008-6709

Currently unrated

Key Information:

Vendor: Avaya
Status: Sip Enablement Services; Communication Manager
Vendor: CVE Published:; 10 April 2009

Summary

An unspecified vulnerability exists in the web management interface of Avaya SIP Enablement Services (SES) versions 3.x and 4.0. This security flaw allows remote authenticated users to execute arbitrary commands on the system. The vulnerability is related to the configuration of parameters used for viewing or restoring local data, which can be exploited through various unknown vectors. Organizations using affected versions should prioritize applying security updates and reviewing configurations to mitigate potential risks.

References

http://www.vupen.com/english/advisories/2008/1943/references

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/30751

third-party-advisoryx_refsource_SECUNIA

http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm

x_refsource_CONFIRM

Timeline

Vulnerability published
Apr 10, 2009
Vulnerability Reserved
Apr 10, 2009