CVE-2008-6708

EUVD-2008-6668
Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration of "data viewing or restoring parameters."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
Affected Products (NVD)
VendorProductVersion
avayacommunication_manager
3.1
avayacommunication_manager
3.1.1
avayacommunication_manager
3.1.2
avayacommunication_manager
3.1.3
avayacommunication_manager
3.1.4
avayacommunication_manager
3.1.5
avayacommunication_manager
4.0
avayacommunication_manager
4.0.1
avayacommunication_manager
4.0.1:sp15215
avayacommunication_manager
4.0.1:sp15500
avayacommunication_manager
4.0.3
avayasip_enablement_services
3.0
𝑥
= Vulnerable software versions
References
http://osvdb.org/46604
http://secunia.com/advisories/30751
http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm
http://www.securityfocus.com/bid/29939
http://www.voipshield.com/research-details.php?id=77
http://www.vupen.com/english/advisories/2008/1943/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/43390
http://osvdb.org/46604
http://secunia.com/advisories/30751
http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm
http://www.securityfocus.com/bid/29939
http://www.voipshield.com/research-details.php?id=77
http://www.vupen.com/english/advisories/2008/1943/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/43390