CVE-2012-3811

Name of the Vulnerable Software and Affected Versions Avaya IP Office Customer Call Reporter versions 7.0 through 7.0.5.8 Avaya IP Office Customer Call Reporter versions 8.0 through 8.0.9.13

Description The issue concerns an unrestricted file upload vulnerability in the ImageUpload.ashx component of the Wallboard application. This allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it via a direct request.

Recommendations For Avaya IP Office Customer Call Reporter versions 7.0 through 7.0.5.8, update to version 7.0.5.8 Q1 2012 Maintenance Release or later. For Avaya IP Office Customer Call Reporter versions 8.0 through 8.0.9.13, update to version 8.0.9.13 Q1 2012 Maintenance Release or later.