CVE-2008-5709: Input Validation
First published: Wed Dec 24 2008(Updated: )
Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Avaya Communication Manager | =5.0 | |
| Avaya Communication Manager | =4.0.1-sp15500 | |
| Avaya Communication Manager | =3.1.2 | |
| Avaya Communication Manager | =3.1.4-sp1 | |
| Avaya Communication Manager | =3.1.1 | |
| Avaya Communication Manager | =4.0 | |
| Avaya Communication Manager | =4.0.1-sp15215 | |
| Avaya Communication Manager | =5.0-sp1 | |
| Avaya Communication Manager | =5.0-sp2 | |
| Avaya Communication Manager | =4.0.3 | |
| Avaya Communication Manager | =3.1.3 | |
| Avaya Communication Manager | =4.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/31645
- http://www.voipshield.com/research-details.php?id=121
- http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm
- http://www.voipshield.com/research-details.php?id=122
- http://secunia.com/advisories/32204
- http://www.vupen.com/english/advisories/2008/2772
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45749
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45747
Frequently Asked Questions
What is the severity of CVE-2008-5709?
CVE-2008-5709 is classified as a medium severity vulnerability.
How do I fix CVE-2008-5709?
To mitigate CVE-2008-5709, upgrade Avaya Communication Manager to at least version 3.1.4 SP2, 4.0.3 SP1, or 5.0 SP3.
Which versions of Avaya Communication Manager are affected by CVE-2008-5709?
CVE-2008-5709 affects Avaya Communication Manager versions 3.1.x before 3.1.4 SP2, 4.0.x before 4.0.3 SP1, and 5.0.x before 5.0 SP3.
Can CVE-2008-5709 be exploited remotely?
Yes, CVE-2008-5709 can be exploited by remote authenticated users to execute arbitrary code.
What is the impact of CVE-2008-5709 on system security?
The impact of CVE-2008-5709 includes potential unauthorized execution of arbitrary code, which could compromise the integrity of the system.
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/avaya
- canonical/avaya communication manager
- version/avaya communication manager/5.0
- version/avaya communication manager/4.0.1-sp15500
- version/avaya communication manager/3.1.2
- version/avaya communication manager/3.1.4-sp1
- version/avaya communication manager/3.1.1
- version/avaya communication manager/4.0
- version/avaya communication manager/4.0.1-sp15215
- version/avaya communication manager/5.0-sp1
- version/avaya communication manager/5.0-sp2
- version/avaya communication manager/4.0.3
- version/avaya communication manager/3.1.3
- version/avaya communication manager/4.0.1