PT-2009-2178 · Avaya · Avaya Communication Manager+1

Published

2009-04-10

Updated

2017-08-17

CVE-2008-6709

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Avaya SIP Enablement Services (SES) versions 3.x through 4.0 Avaya Communication Manager versions 3.1.x

Description The issue allows remote authenticated users to execute arbitrary commands, related to the configuration of local data viewing or restoring parameters in the Web management interface.

Recommendations For Avaya SIP Enablement Services (SES) versions 3.x through 4.0, restrict access to the Web management interface until a fix is available. For Avaya Communication Manager versions 3.1.x, consider disabling remote access to the configuration of local data viewing or restoring parameters as a temporary workaround.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2008-6709

Affected Products

Avaya Communication Manager

Avaya Sip Enablement Services

PT-2009-2178 · Avaya · Avaya Communication Manager+1

CVE-2008-6709

Related Identifiers

Affected Products

References · 8