CVE-2008-6707
Severity CVSS v4.0: Pending analysis
Type: CWE-287 Authentication Issues
Publication date: 10/04/2009
Last modified: 09/04/2025
Description
The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an "unnecessary default application," (4) unspecified scripts in the states folder, (5) an unspecified "default application" that lists server configuration, and (6) "full system help."
Impact
Base Score 2.0: 6.40
Severity 2.0: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:avaya:sip_enablement_services:3.0:*:*:*:*:*:*:* | | |
| cpe:2.3:a:avaya:sip_enablement_services:3.1:*:*:*:*:*:*:* | | |
| cpe:2.3:a:avaya:sip_enablement_services:3.1.1:*:*:*:*:*:*:* | | |
| cpe:2.3:a:avaya:sip_enablement_services:4.0:*:*:*:*:*:*:* | | |
| cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:* | | |
| cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:* | | |
| cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:* | | |
| cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:* | | |
| cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:* | | |
| cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:* | | |
| cpe:2.3:a:avaya:communication_manager:3.1.4:sp2:*:*:*:*:*:* | | |
| cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:* | | |
| cpe:2.3:a:avaya:communication_manager:3.1.5:sp0:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- http://osvdb.org/46598
- http://osvdb.org/46599
- http://osvdb.org/46600
- http://secunia.com/advisories/30751
- http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm
- http://www.securityfocus.com/bid/29939
- http://www.voipshield.com/research-details.php?id=86
- http://www.voipshield.com/research-details.php?id=87
- http://www.voipshield.com/research-details.php?id=88
- http://www.voipshield.com/research-details.php?id=89
- http://www.voipshield.com/research-details.php?id=90
- http://www.voipshield.com/research-details.php?id=91
- http://www.vupen.com/english/advisories/2008/1943/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43381
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43384
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43389
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43393
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43394
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43395