CVE-2008-6707

Name of the Vulnerable Software and Affected Versions Avaya SIP Enablement Services (SES) versions 3.x through 4.0 Avaya Communication Manager version 3.1.x

Description The issue concerns the Web management interface, which fails to perform authentication for certain functionality. This allows remote attackers to obtain sensitive information and access restricted functionality via various means, including the certificate installation utility, unspecified scripts in the objects and states folders, an unnecessary default application, an unspecified default application that lists server configuration, and full system help.

Recommendations For Avaya SIP Enablement Services (SES) versions 3.x through 4.0, consider restricting access to the Web management interface until a fix is available. For Avaya Communication Manager version 3.1.x, restrict access to the Web management interface and consider disabling unnecessary default applications and scripts in the objects and states folders until a patch is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.