Secunia
Login
|
|
|
|
|
|
|
|
|
Avaya Communication Manager Arbitrary Command Execution Vulnerabilities
Release Date: 2008-10-09 Last Update: 2008-12-30 Views: 5,580
Secunia Advisory SA32204
Where:
From remote
Impact:
System access,
Solution Status:
Vendor Patch
Software:
CVE Reference(s):
Description
Two vulnerabilities have been reported in Avaya Communication Manager, which can be exploited by malicious users to compromise a vulnerable system.
1) An error in the "Set Static Routes" web management functionality can be exploited to execute arbitrary commands with root privileges.
2) An error in the "Backup History" web management functionality can be exploited to execute arbitrary commands.
Successful exploitation requires valid user credentials for the web management interface.
The vulnerabilities are reported in versions 3.1.x, 4.0.x and 5.0.
Solution:
CM 3.1.x:
Further details available to Secunia VIM customers
Provided and/or discovered by:
VoIPshield
Original Advisory:
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm
VoIPshield:
http://www.voipshield.com/research-details.php?id=121
http://www.voipshield.com/research-details.php?id=122
Deep Links:
Links available to Secunia VIM customers
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com
Subject: Avaya Communication Manager Arbitrary Command Execution Vulnerabilities
|
No posts yet |
|
You must be logged in to post a comment. |
