CVE-2017-11309: Buffer Overflow
First published: Fri Nov 10 2017(Updated: )
Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Avaya IP Office | <10.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://downloads.avaya.com/css/P8/documents/101044086
- http://hyp3rlinx.altervista.org/advisories/AVAYA-OFFICE-IP-(IPO)-v9.1.0-10.1-SOFT-CONSOLE-REMOTE-BUFFER-OVERFLOW-0DAY.txt
- http://packetstormsecurity.com/files/144883/Avaya-IP-Office-IPO-10.1-Soft-Console-Remote-Buffer-Overflow.html
- http://www.securityfocus.com/bid/101674
- https://www.exploit-db.com/exploits/43121/
Frequently Asked Questions
What is CVE-2017-11309?
CVE-2017-11309 is a buffer overflow vulnerability in the SoftConsole client in Avaya IP Office before version 10.1.1.
What is the severity of CVE-2017-11309?
The severity of CVE-2017-11309 is critical with a CVSS score of 9.6.
How does CVE-2017-11309 work?
CVE-2017-11309 allows remote servers to execute arbitrary code by sending a long response, triggering a buffer overflow in the SoftConsole client.
Is there a fix for CVE-2017-11309?
Yes, Avaya IP Office version 10.1.1 and above have fixed the buffer overflow vulnerability.
What can I do to protect myself from CVE-2017-11309?
To protect yourself from CVE-2017-11309, update your Avaya IP Office to version 10.1.1 or above.
- collector/nvd-index
- vendor/avaya
- canonical/avaya ip office