CVE-2008-6706

Name of the Vulnerable Software and Affected Versions Avaya SIP Enablement Services (SES) versions 3.x through 4.0 Avaya Communication Manager versions 3.1.x

Description The issue allows remote attackers to obtain sensitive information, including application server configuration, database server configuration with encrypted passwords, and access to system utilities for decrypting and encrypting passwords.

Recommendations For Avaya SIP Enablement Services (SES) versions 3.x through 4.0, restrict access to the Web management interface to minimize the risk of exploitation. For Avaya Communication Manager versions 3.1.x, consider disabling remote access to the management interface until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.