CVE-2008-3778

Name of the Vulnerable Software and Affected Versions Avaya SIP Enablement Services version 5.0 Avaya Communication Manager (CM) version 5.0 on the S8300C with SES enabled

Description The issue allows remote attackers to cause a denial of service or gain privileges via an update request to the remote management interface in SIP Enablement Services (SES) Server, due to the interface proceeding with Core router updates even when a login is invalid.

Recommendations For Avaya SIP Enablement Services version 5.0, update the software to prevent the interface from proceeding with Core router updates when a login is invalid. For Avaya Communication Manager (CM) version 5.0 on the S8300C with SES enabled, update the software to prevent the interface from proceeding with Core router updates when a login is invalid.