CVE-2008-6707
First published: Fri Apr 10 2009(Updated: )
The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an "unnecessary default application," (4) unspecified scripts in the states folder, (5) an unspecified "default application" that lists server configuration, and (6) "full system help."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Avaya Aura SIP Enablement Services | =3.0 | |
| Avaya Aura SIP Enablement Services | =3.1 | |
| Avaya Aura SIP Enablement Services | =3.1.1 | |
| Avaya Aura SIP Enablement Services | =4.0 | |
| Avaya Aura Communication Manager | =3.1 | |
| Avaya Aura Communication Manager | =3.1.1 | |
| Avaya Aura Communication Manager | =3.1.2 | |
| Avaya Aura Communication Manager | =3.1.3 | |
| Avaya Aura Communication Manager | =3.1.4 | |
| Avaya Aura Communication Manager | =3.1.4-sp1 | |
| Avaya Aura Communication Manager | =3.1.4-sp2 | |
| Avaya Aura Communication Manager | =3.1.5 | |
| Avaya Aura Communication Manager | =3.1.5-sp0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.voipshield.com/research-details.php?id=89
- http://www.voipshield.com/research-details.php?id=90
- http://www.voipshield.com/research-details.php?id=88
- http://www.voipshield.com/research-details.php?id=87
- http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm
- http://www.voipshield.com/research-details.php?id=86
- http://www.voipshield.com/research-details.php?id=91
- http://www.vupen.com/english/advisories/2008/1943/references
- http://secunia.com/advisories/30751
- http://www.securityfocus.com/bid/29939
- http://osvdb.org/46599
- http://osvdb.org/46600
- http://osvdb.org/46598
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43395
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43394
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43393
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43389
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43384
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43381
Frequently Asked Questions
What is the severity of CVE-2008-6707?
CVE-2008-6707 has been rated as a critical severity vulnerability due to its potential for unauthorized access to sensitive information.
How do I fix CVE-2008-6707?
To mitigate CVE-2008-6707, apply the latest patches provided by Avaya for the affected versions of SIP Enablement Services and Communication Manager.
What are the affected versions of software by CVE-2008-6707?
CVE-2008-6707 affects Avaya SIP Enablement Services 3.x and 4.0, along with Avaya Communication Manager versions 3.1 and several service packs.
What type of attackers can exploit CVE-2008-6707?
CVE-2008-6707 can be exploited by remote attackers who can access the web management interface without proper authentication.
What kind of information can be accessed due to CVE-2008-6707?
CVE-2008-6707 allows attackers to access sensitive information and restricted functionalities through the vulnerable web management interface.
- collector/nvd-historical
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/avaya
- canonical/avaya aura sip enablement services
- version/avaya aura sip enablement services/3.0
- version/avaya aura sip enablement services/3.1
- version/avaya aura sip enablement services/3.1.1
- version/avaya aura sip enablement services/4.0
- canonical/avaya aura communication manager
- version/avaya aura communication manager/3.1
- version/avaya aura communication manager/3.1.1
- version/avaya aura communication manager/3.1.2
- version/avaya aura communication manager/3.1.3
- version/avaya aura communication manager/3.1.4
- version/avaya aura communication manager/3.1.4-sp1
- version/avaya aura communication manager/3.1.4-sp2
- version/avaya aura communication manager/3.1.5
- version/avaya aura communication manager/3.1.5-sp0