CVE-2008-6711
First published: Fri Apr 10 2009(Updated: )
Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated users to execute arbitrary commands via unknown vectors related to "viewing system logs."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Avaya Aura Communication Manager | =3.1 | |
| Avaya Aura Communication Manager | =3.1.1 | |
| Avaya Aura Communication Manager | =3.1.2 | |
| Avaya Aura Communication Manager | =3.1.3 | |
| Avaya Aura Communication Manager | =3.1.4 | |
| Avaya Aura Communication Manager | =3.1.4-sp1 | |
| Avaya Aura Communication Manager | =4.0 | |
| Avaya Aura Communication Manager | =4.0.1 | |
| Avaya Aura Communication Manager | =4.0.1-sp15215 | |
| Avaya Aura Communication Manager | =4.0.1-sp15500 | |
| Avaya Aura Communication Manager | =4.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.osvdb.org/46581
- http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm
- http://www.voipshield.com/research-details.php?id=80
- http://www.vupen.com/english/advisories/2008/1944/references
- http://secunia.com/advisories/30799
- http://www.securityfocus.com/bid/29939
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43391
Frequently Asked Questions
What is the severity of CVE-2008-6711?
CVE-2008-6711 is considered a high-severity vulnerability due to its potential for remote command execution.
How do I fix CVE-2008-6711?
To mitigate CVE-2008-6711, upgrade Avaya Communication Manager to version 3.1.4 SP2 or later, or 4.0.3 SP1 or later.
Who is affected by CVE-2008-6711?
CVE-2008-6711 affects remote authenticated users of Avaya Communication Manager versions prior to 3.1.4 SP2 and 4.0.3 SP1.
What can an attacker do with CVE-2008-6711?
An attacker exploiting CVE-2008-6711 can execute arbitrary commands on the system through the web administration interface.
Is there a workaround for CVE-2008-6711?
There are no recommended workarounds for CVE-2008-6711, making updates the only effective solution.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/avaya
- canonical/avaya aura communication manager
- version/avaya aura communication manager/3.1
- version/avaya aura communication manager/3.1.1
- version/avaya aura communication manager/3.1.2
- version/avaya aura communication manager/3.1.3
- version/avaya aura communication manager/3.1.4
- version/avaya aura communication manager/3.1.4-sp1
- version/avaya aura communication manager/4.0
- version/avaya aura communication manager/4.0.1
- version/avaya aura communication manager/4.0.1-sp15215
- version/avaya aura communication manager/4.0.1-sp15500
- version/avaya aura communication manager/4.0.3