CVE-2008-6709
First published: Fri Apr 10 2009(Updated: )
Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of "local data viewing or restoring parameters."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Avaya Aura SIP Enablement Services | =3.0 | |
| Avaya Aura SIP Enablement Services | =3.1 | |
| Avaya Aura SIP Enablement Services | =3.1.1 | |
| Avaya Aura SIP Enablement Services | =4.0 | |
| Avaya Aura Communication Manager | =3.1 | |
| Avaya Aura Communication Manager | =3.1.1 | |
| Avaya Aura Communication Manager | =3.1.2 | |
| Avaya Aura Communication Manager | =3.1.3 | |
| Avaya Aura Communication Manager | =3.1.4 | |
| Avaya Aura Communication Manager | =3.1.4-sp1 | |
| Avaya Aura Communication Manager | =3.1.4-sp2 | |
| Avaya Aura Communication Manager | =3.1.5 | |
| Avaya Aura Communication Manager | =3.1.5-sp0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.voipshield.com/research-details.php?id=78
- http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm
- http://www.osvdb.org/46603
- http://secunia.com/advisories/30751
- http://www.vupen.com/english/advisories/2008/1943/references
- http://www.securityfocus.com/bid/29939
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43380
Frequently Asked Questions
What is the severity of CVE-2008-6709?
CVE-2008-6709 is considered a critical vulnerability due to its potential to allow remote authenticated users to execute arbitrary commands.
How do I fix CVE-2008-6709?
To mitigate CVE-2008-6709, upgrade to the latest version of Avaya SIP Enablement Services or apply any available security patches.
Which Avaya products are affected by CVE-2008-6709?
CVE-2008-6709 affects Avaya SIP Enablement Services versions 3.0, 3.1, 3.1.1, and 4.0, as well as various versions of Avaya Communication Manager.
What types of attacks could exploit CVE-2008-6709?
Exploitation of CVE-2008-6709 could lead to unauthorized command execution, which may compromise the integrity and confidentiality of systems.
Is CVE-2008-6709 actively being exploited?
There have been reports of CVE-2008-6709 being targeted by attackers, making it crucial for affected users to apply fixes promptly.
- collector/nvd-historical
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/avaya
- canonical/avaya aura sip enablement services
- version/avaya aura sip enablement services/3.0
- version/avaya aura sip enablement services/3.1
- version/avaya aura sip enablement services/3.1.1
- version/avaya aura sip enablement services/4.0
- canonical/avaya aura communication manager
- version/avaya aura communication manager/3.1
- version/avaya aura communication manager/3.1.1
- version/avaya aura communication manager/3.1.2
- version/avaya aura communication manager/3.1.3
- version/avaya aura communication manager/3.1.4
- version/avaya aura communication manager/3.1.4-sp1
- version/avaya aura communication manager/3.1.4-sp2
- version/avaya aura communication manager/3.1.5
- version/avaya aura communication manager/3.1.5-sp0