CVE-2008-3081: Input Validation
First published: Wed Jul 09 2008(Updated: )
Multiple unspecified "input validation" vulnerabilities in the Web management interface (aka Messaging Administration interface) in Avaya Message Storage Server (MSS) 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user vexvm via vectors related to (1) SFTP Remote Store configuration; (2) remote FTP storage settings; (3) name server lookup; (4) pinging another host; (5) TCP/IP Networking parameter configuration; (6) the external hosts configuration main page; (7) adding and changing external hosts; (8) Windows domain parameter configuration; (9) date, time, and NTP server configuration; (10) alarm settings; (11) the command line history form; (12) the maintenance form; and (13) the server events form.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Avaya Modular Messaging Message Storage Server | =3 | |
| Avaya Modular Messaging Message Storage Server | =3.1 | |
| Avaya Modular Messaging Message Storage Server | =4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.voipshield.com/research-details.php?id=100
- http://www.voipshield.com/research-details.php?id=101
- http://www.voipshield.com/research-details.php?id=102
- http://www.voipshield.com/research-details.php?id=103
- http://www.voipshield.com/research-details.php?id=104
- http://www.voipshield.com/research-details.php?id=92
- http://www.voipshield.com/research-details.php?id=93
- http://www.voipshield.com/research-details.php?id=94
- http://www.voipshield.com/research-details.php?id=95
- http://www.voipshield.com/research-details.php?id=96
- http://www.voipshield.com/research-details.php?id=97
- http://www.voipshield.com/research-details.php?id=98
- http://www.voipshield.com/research-details.php?id=99
- http://support.avaya.com/elmodocs2/security/ASA-2008-269.htm
- http://www.securityfocus.com/bid/29938
- http://secunia.com/advisories/30777
- http://osvdb.org/46587
- http://www.vupen.com/english/advisories/2008/1945/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43424
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43423
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43422
Frequently Asked Questions
What is the severity of CVE-2008-3081?
CVE-2008-3081 is classified as a critical vulnerability due to the potential for remote command execution.
How do I fix CVE-2008-3081?
To fix CVE-2008-3081, you should apply the latest patches from Avaya for the affected versions of Messaging Storage Server.
Who is affected by CVE-2008-3081?
CVE-2008-3081 affects remote authenticated administrators using Avaya Messaging Storage Server versions 3.1, 3.x, and 4.0.
What can attackers do exploiting CVE-2008-3081?
Exploiting CVE-2008-3081 allows authenticated attackers to execute arbitrary commands on the server.
What type of vulnerability is CVE-2008-3081?
CVE-2008-3081 is an input validation vulnerability within the Web management interface of Avaya products.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/avaya
- canonical/avaya modular messaging message storage server
- version/avaya modular messaging message storage server/3
- version/avaya modular messaging message storage server/3.1
- version/avaya modular messaging message storage server/4.0