CVE-2008-6708

Name of the Vulnerable Software and Affected Versions Avaya SIP Enablement Services (SES) versions 3.x through 4.0 Avaya Communication Manager versions 3.1.x through 4.x

Description The issue affects the Web management interface, allowing remote authenticated administrators to gain root privileges. This is related to the configuration of data viewing or restoring parameters.

Recommendations For Avaya SIP Enablement Services (SES) versions 3.x through 4.0, restrict access to the Web management interface until a fix is available. For Avaya Communication Manager versions 3.1.x through 4.x, limit the configuration of data viewing or restoring parameters to authorized personnel only. At the moment, there is no information about a newer version that contains a fix for this vulnerability.