CVE-2008-6709

EUVD-2008-6669
Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of "local data viewing or restoring parameters."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
Affected Products (NVD)
VendorProductVersion
avayasip_enablement_services
3.0
avayasip_enablement_services
3.1
avayasip_enablement_services
3.1.1
avayasip_enablement_services
4.0
avayacommunication_manager
3.1
avayacommunication_manager
3.1.1
avayacommunication_manager
3.1.2
avayacommunication_manager
3.1.3
avayacommunication_manager
3.1.4
avayacommunication_manager
3.1.4:sp1
avayacommunication_manager
3.1.4:sp2
avayacommunication_manager
3.1.5
avayacommunication_manager
3.1.5:sp0
𝑥
= Vulnerable software versions
References
http://secunia.com/advisories/30751
http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm
http://www.osvdb.org/46603
http://www.securityfocus.com/bid/29939
http://www.voipshield.com/research-details.php?id=78
http://www.vupen.com/english/advisories/2008/1943/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/43380
http://secunia.com/advisories/30751
http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm
http://www.osvdb.org/46603
http://www.securityfocus.com/bid/29939
http://www.voipshield.com/research-details.php?id=78
http://www.vupen.com/english/advisories/2008/1943/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/43380