CVE-2008-6707 (GCVE-0-2008-6707)
Vulnerability from cvelistv5 – Published: 2009-04-10 15:00 – Updated: 2024-08-07 11:42
VLAI?
Summary
The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an "unnecessary default application," (4) unspecified scripts in the states folder, (5) an unspecified "default application" that lists server configuration, and (6) "full system help."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:42:00.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1943",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30751"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=86"
},
{
"name": "avaya-ses-certificate-info-disclosure(43384)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43384"
},
{
"name": "46598",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46598"
},
{
"name": "avaya-ses-statesfolder-code-execution(43393)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43393"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=88"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=90"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=87"
},
{
"name": "avaya-ses-objectsfolder-code-execution(43381)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43381"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46599",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46599"
},
{
"name": "46600",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46600"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=91"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.voipshield.com/research-details.php?id=89"
},
{
"name": "avaya-ses-application-info-disclosure(43394)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43394"
},
{
"name": "avaya-ses-help-information-disclosure(43395)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43395"
},
{
"name": "avaya-ses-application-unauth-access(43389)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43389"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an \"unnecessary default application,\" (4) unspecified scripts in the states folder, (5) an unspecified \"default application\" that lists server configuration, and (6) \"full system help.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-1943",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30751"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=86"
},
{
"name": "avaya-ses-certificate-info-disclosure(43384)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43384"
},
{
"name": "46598",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46598"
},
{
"name": "avaya-ses-statesfolder-code-execution(43393)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43393"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=88"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=90"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=87"
},
{
"name": "avaya-ses-objectsfolder-code-execution(43381)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43381"
},
{
"name": "29939",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46599",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46599"
},
{
"name": "46600",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46600"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=91"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.voipshield.com/research-details.php?id=89"
},
{
"name": "avaya-ses-application-info-disclosure(43394)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43394"
},
{
"name": "avaya-ses-help-information-disclosure(43395)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43395"
},
{
"name": "avaya-ses-application-unauth-access(43389)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43389"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an \"unnecessary default application,\" (4) unspecified scripts in the states folder, (5) an unspecified \"default application\" that lists server configuration, and (6) \"full system help.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1943",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1943/references"
},
{
"name": "30751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30751"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm"
},
{
"name": "http://www.voipshield.com/research-details.php?id=86",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=86"
},
{
"name": "avaya-ses-certificate-info-disclosure(43384)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43384"
},
{
"name": "46598",
"refsource": "OSVDB",
"url": "http://osvdb.org/46598"
},
{
"name": "avaya-ses-statesfolder-code-execution(43393)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43393"
},
{
"name": "http://www.voipshield.com/research-details.php?id=88",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=88"
},
{
"name": "http://www.voipshield.com/research-details.php?id=90",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=90"
},
{
"name": "http://www.voipshield.com/research-details.php?id=87",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=87"
},
{
"name": "avaya-ses-objectsfolder-code-execution(43381)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43381"
},
{
"name": "29939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29939"
},
{
"name": "46599",
"refsource": "OSVDB",
"url": "http://osvdb.org/46599"
},
{
"name": "46600",
"refsource": "OSVDB",
"url": "http://osvdb.org/46600"
},
{
"name": "http://www.voipshield.com/research-details.php?id=91",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=91"
},
{
"name": "http://www.voipshield.com/research-details.php?id=89",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=89"
},
{
"name": "avaya-ses-application-info-disclosure(43394)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43394"
},
{
"name": "avaya-ses-help-information-disclosure(43395)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43395"
},
{
"name": "avaya-ses-application-unauth-access(43389)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43389"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6707",
"datePublished": "2009-04-10T15:00:00",
"dateReserved": "2009-04-10T00:00:00",
"dateUpdated": "2024-08-07T11:42:00.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:avaya:sip_enablement_services:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F8D4881F-650A-4FA1-B604-70EBBED41AE7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:avaya:sip_enablement_services:3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F9EB9ECB-9ABF-40ED-9116-D3FE9FC73B38\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:avaya:sip_enablement_services:3.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"43F41650-7E55-436A-9935-8CE88B428680\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:avaya:sip_enablement_services:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7BFF25B3-B7C7-479C-8C2A-995E568C3395\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88F5C363-3A38-43FC-A06D-73E280AB844B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4030E5D-BC15-481D-A15E-98FAE65130D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BBD119B9-FE11-4165-943D-119E906DC013\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"89F99C5C-C184-4A5C-B8BA-F558C4A38730\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"1EAA2BC9-4794-4441-8AA8-3C1B7297FD06\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:avaya:communication_manager:3.1.4:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"423E4EEB-3D6F-449E-B623-C8D051E8FA3B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"87089C0E-2241-46A7-93EE-EC41D52A89C6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:avaya:communication_manager:3.1.5:sp0:*:*:*:*:*:*\", \"matchCriteriaId\": \"5BD89D61-0B42-4DDE-99F1-71570A37A136\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an \\\"unnecessary default application,\\\" (4) unspecified scripts in the states folder, (5) an unspecified \\\"default application\\\" that lists server configuration, and (6) \\\"full system help.\\\"\"}, {\"lang\": \"es\", \"value\": \"El interfase de administraci\\u00f3n web de Avaya SIP Enablement Services (SES) v3.x y v4.0, como las usadas en Avaya Communication Manager v3.1.x no realiza autentificaci\\u00f3n para ciertas tareas, lo que permite a atacantes remotos obtener informaci\\u00f3n sensible y acceso a funcionalidades restringidas a trav\\u00e9s de (1) la utilidad de instalaci\\u00f3n de certificados, (2) secuencias de comandos no espec\\u00edficas en el directorio de objetos, (3) una \\\"aplicaci\\u00f3n por defecto no necesaria\\\", (4) secuencias de c\\u00f3digo no espec\\u00edficas en el directorio \\\"States\\\",(5) una \\\"aplicaci\\u00f3n por defecto\\\" no espec\\u00edfica que lista la configuraci\\u00f3n del servidor, y (6) \\\"ayuda del sistema completa\\\".\"}]",
"id": "CVE-2008-6707",
"lastModified": "2024-11-21T00:57:15.847",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:N\", \"baseScore\": 6.4, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2009-04-10T22:00:00.670",
"references": "[{\"url\": \"http://osvdb.org/46598\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/46599\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/46600\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/30751\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/29939\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.voipshield.com/research-details.php?id=86\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.voipshield.com/research-details.php?id=87\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.voipshield.com/research-details.php?id=88\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.voipshield.com/research-details.php?id=89\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.voipshield.com/research-details.php?id=90\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.voipshield.com/research-details.php?id=91\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1943/references\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/43381\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/43384\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/43389\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/43393\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/43394\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/43395\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/46598\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/46599\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/46600\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/30751\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/29939\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.voipshield.com/research-details.php?id=86\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.voipshield.com/research-details.php?id=87\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.voipshield.com/research-details.php?id=88\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.voipshield.com/research-details.php?id=89\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.voipshield.com/research-details.php?id=90\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.voipshield.com/research-details.php?id=91\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1943/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/43381\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/43384\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/43389\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/43393\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/43394\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/43395\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2008-6707\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-04-10T22:00:00.670\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an \\\"unnecessary default application,\\\" (4) unspecified scripts in the states folder, (5) an unspecified \\\"default application\\\" that lists server configuration, and (6) \\\"full system help.\\\"\"},{\"lang\":\"es\",\"value\":\"El interfase de administraci\u00f3n web de Avaya SIP Enablement Services (SES) v3.x y v4.0, como las usadas en Avaya Communication Manager v3.1.x no realiza autentificaci\u00f3n para ciertas tareas, lo que permite a atacantes remotos obtener informaci\u00f3n sensible y acceso a funcionalidades restringidas a trav\u00e9s de (1) la utilidad de instalaci\u00f3n de certificados, (2) secuencias de comandos no espec\u00edficas en el directorio de objetos, (3) una \\\"aplicaci\u00f3n por defecto no necesaria\\\", (4) secuencias de c\u00f3digo no espec\u00edficas en el directorio \\\"States\\\",(5) una \\\"aplicaci\u00f3n por defecto\\\" no espec\u00edfica que lista la configuraci\u00f3n del servidor, y (6) \\\"ayuda del sistema completa\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:N\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:avaya:sip_enablement_services:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8D4881F-650A-4FA1-B604-70EBBED41AE7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:avaya:sip_enablement_services:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9EB9ECB-9ABF-40ED-9116-D3FE9FC73B38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:avaya:sip_enablement_services:3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43F41650-7E55-436A-9935-8CE88B428680\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:avaya:sip_enablement_services:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BFF25B3-B7C7-479C-8C2A-995E568C3395\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88F5C363-3A38-43FC-A06D-73E280AB844B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4030E5D-BC15-481D-A15E-98FAE65130D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBD119B9-FE11-4165-943D-119E906DC013\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89F99C5C-C184-4A5C-B8BA-F558C4A38730\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EAA2BC9-4794-4441-8AA8-3C1B7297FD06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:avaya:communication_manager:3.1.4:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"423E4EEB-3D6F-449E-B623-C8D051E8FA3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87089C0E-2241-46A7-93EE-EC41D52A89C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:avaya:communication_manager:3.1.5:sp0:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BD89D61-0B42-4DDE-99F1-71570A37A136\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/46598\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/46599\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/46600\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/30751\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/29939\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.voipshield.com/research-details.php?id=86\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.voipshield.com/research-details.php?id=87\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.voipshield.com/research-details.php?id=88\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.voipshield.com/research-details.php?id=89\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.voipshield.com/research-details.php?id=90\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.voipshield.com/research-details.php?id=91\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1943/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/43381\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/43384\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/43389\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/43393\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/43394\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/43395\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/46598\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/46599\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/46600\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/30751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/29939\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.voipshield.com/research-details.php?id=86\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.voipshield.com/research-details.php?id=87\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.voipshield.com/research-details.php?id=88\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.voipshield.com/research-details.php?id=89\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.voipshield.com/research-details.php?id=90\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.voipshield.com/research-details.php?id=91\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1943/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/43381\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/43384\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/43389\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/43393\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/43394\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/43395\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…