CVE-2008-5709

Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
avayacommunication_manager
3.1.1
avayacommunication_manager
3.1.2
avayacommunication_manager
3.1.3
avayacommunication_manager
3.1.4:sp1
avayacommunication_manager
4.0
avayacommunication_manager
4.0.1
avayacommunication_manager
4.0.1:sp15215
avayacommunication_manager
4.0.1:sp15500
avayacommunication_manager
4.0.3
avayacommunication_manager
5.0
avayacommunication_manager
5.0:sp1
avayacommunication_manager
5.0:sp2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/32204
http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm
http://www.securityfocus.com/bid/31645
http://www.voipshield.com/research-details.php?id=121
http://www.voipshield.com/research-details.php?id=122
http://www.vupen.com/english/advisories/2008/2772
https://exchange.xforce.ibmcloud.com/vulnerabilities/45747
https://exchange.xforce.ibmcloud.com/vulnerabilities/45749
http://secunia.com/advisories/32204
http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm
http://www.securityfocus.com/bid/31645
http://www.voipshield.com/research-details.php?id=121
http://www.voipshield.com/research-details.php?id=122
http://www.vupen.com/english/advisories/2008/2772
https://exchange.xforce.ibmcloud.com/vulnerabilities/45747
https://exchange.xforce.ibmcloud.com/vulnerabilities/45749