CVE-2008-6710
First published: Fri Apr 10 2009(Updated: )
Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated administrators to gain root privileges via unknown vectors related to "configuring data viewing or restoring credentials."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Avaya Aura Communication Manager | =4.0.2-sp1 | |
| Avaya Aura Communication Manager | =4.0.1-sp15500 | |
| Avaya Aura Communication Manager | =3.1.2 | |
| Avaya Aura Communication Manager | =3.1.1 | |
| Avaya Aura Communication Manager | =4.0.2 | |
| Avaya Aura Communication Manager | =4.0 | |
| Avaya Aura Communication Manager | =4.0.1-sp15215 | |
| Avaya Aura Communication Manager | =3.1 | |
| Avaya Aura Communication Manager | =4.0.3 | |
| Avaya Aura Communication Manager | =3.1.3 | |
| Avaya Aura Communication Manager | =4.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm
- http://www.voipshield.com/research-details.php?id=79
- http://www.osvdb.org/46582
- http://www.vupen.com/english/advisories/2008/1944/references
- http://secunia.com/advisories/30799
- http://www.securityfocus.com/bid/29939
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43386
Frequently Asked Questions
What is the severity of CVE-2008-6710?
CVE-2008-6710 is considered a high severity vulnerability due to the potential for remote authenticated administrators to gain root privileges.
How do I fix CVE-2008-6710?
To fix CVE-2008-6710, upgrade Avaya Communication Manager to version 3.1.4 SP2 or 4.0.3 SP1 or later.
Which versions of Avaya Communication Manager are affected by CVE-2008-6710?
Avaya Communication Manager versions 3.1.x before 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 are affected by CVE-2008-6710.
What types of access does CVE-2008-6710 allow the attacker?
CVE-2008-6710 allows remote authenticated administrators to gain unauthorized root privileges.
Is there a public exploit available for CVE-2008-6710?
As of now, there is no public exploit reported for CVE-2008-6710, but its potential risk is significant given the privilege escalation.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/avaya
- canonical/avaya aura communication manager
- version/avaya aura communication manager/4.0.2-sp1
- version/avaya aura communication manager/4.0.1-sp15500
- version/avaya aura communication manager/3.1.2
- version/avaya aura communication manager/3.1.1
- version/avaya aura communication manager/4.0.2
- version/avaya aura communication manager/4.0
- version/avaya aura communication manager/4.0.1-sp15215
- version/avaya aura communication manager/3.1
- version/avaya aura communication manager/4.0.3
- version/avaya aura communication manager/3.1.3
- version/avaya aura communication manager/4.0.1