CVE-2008-6706
First published: Fri Apr 10 2009(Updated: )
Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts "subscriber table passwords," (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts "subscriber table passwords."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Avaya SIP Enablement Services | =3.0 | |
| Avaya SIP Enablement Services | =3.1 | |
| Avaya SIP Enablement Services | =3.1.1 | |
| Avaya SIP Enablement Services | =4.0 | |
| Avaya Communication Manager | =3.1 | |
| Avaya Communication Manager | =3.1.1 | |
| Avaya Communication Manager | =3.1.2 | |
| Avaya Communication Manager | =3.1.3 | |
| Avaya Communication Manager | =3.1.4 | |
| Avaya Communication Manager | =3.1.4-sp1 | |
| Avaya Communication Manager | =3.1.4-sp2 | |
| Avaya Communication Manager | =3.1.5 | |
| Avaya Communication Manager | =3.1.5-sp0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.voipshield.com/research-details.php?id=82
- http://www.voipshield.com/research-details.php?id=81
- http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm
- http://www.voipshield.com/research-details.php?id=85
- http://www.voipshield.com/research-details.php?id=84
- http://www.voipshield.com/research-details.php?id=83
- http://secunia.com/advisories/30751
- http://www.vupen.com/english/advisories/2008/1943/references
- http://www.securityfocus.com/bid/29939
- http://osvdb.org/46602
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43388
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43387
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43383
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43382
- collector/nvd-historical
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/type
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/avaya
- canonical/avaya sip enablement services
- version/avaya sip enablement services/3.0
- version/avaya sip enablement services/3.1
- version/avaya sip enablement services/3.1.1
- version/avaya sip enablement services/4.0
- canonical/avaya communication manager
- version/avaya communication manager/3.1
- version/avaya communication manager/3.1.1
- version/avaya communication manager/3.1.2
- version/avaya communication manager/3.1.3
- version/avaya communication manager/3.1.4
- version/avaya communication manager/3.1.4-sp1
- version/avaya communication manager/3.1.4-sp2
- version/avaya communication manager/3.1.5
- version/avaya communication manager/3.1.5-sp0