PT-2008-5137 · Avaya · Avaya Communication Manager+1
Published: 2008-08-25 · Updated: 2017-08-08 · CVE-2008-3778
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Avaya SIP Enablement Services version 5.0
Avaya Communication Manager (CM) version 5.0 on the S8300C with SES enabled
Description
The remote management interface in the SIP Enablement Services (SES) Server proceeds with Core router updates even when a login is invalid. Remote attackers can use an update request to this interface to cause a denial of service or gain privileges.
Recommendations
For Avaya SIP Enablement Services version 5.0, update the software to prevent the interface from proceeding with Core router updates when a login is invalid.
For Avaya Communication Manager (CM) version 5.0 on the S8300C with SES enabled, update the software to prevent the interface from proceeding with Core router updates when a login is invalid.
Affected Products
Avaya Communication Manager
Avaya SIP Enablement Services