CVE-2008-5709 - OpenCVE

Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Avaya	Communication Manager

Configuration 1 [-]

OR	cpe:2.3:a:avaya:communication_manager:3.1.1:::::::*
	cpe:2.3:a:avaya:communication_manager:3.1.2:::::::*
	cpe:2.3:a:avaya:communication_manager:3.1.3:::::::*
	cpe:2.3:a:avaya:communication_manager:3.1.4:sp1::::::
	cpe:2.3:a:avaya:communication_manager:4.0:::::::*
	cpe:2.3:a:avaya:communication_manager:4.0.1:::::::*
	cpe:2.3:a:avaya:communication_manager:4.0.1:sp15215::::::
	cpe:2.3:a:avaya:communication_manager:4.0.1:sp15500::::::
	cpe:2.3:a:avaya:communication_manager:4.0.3:::::::*
	cpe:2.3:a:avaya:communication_manager:5.0:::::::*
	cpe:2.3:a:avaya:communication_manager:5.0:sp1::::::
	cpe:2.3:a:avaya:communication_manager:5.0:sp2::::::

References

Link	Resource
http://secunia.com/advisories/32204	Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm	Vendor Advisory
http://www.securityfocus.com/bid/31645
http://www.voipshield.com/research-details.php?id=121
http://www.voipshield.com/research-details.php?id=122
http://www.vupen.com/english/advisories/2008/2772
https://exchange.xforce.ibmcloud.com/vulnerabilities/45747
https://exchange.xforce.ibmcloud.com/vulnerabilities/45749

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2008-12-24T17:00:00

Updated: 2017-08-07T12:57:01

Reserved: 2008-12-24T00:00:00

Link: CVE-2008-5709

JSON object: View

NVD Information

Status : Modified

Published: 2008-12-24T18:29:15.780

Modified: 2017-08-08T01:33:29.000

Link: CVE-2008-5709

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-10-08T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "avaya-cm-backuphistory-cmd-execution(45747)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45747"}, {"name": "31645", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31645"}, {"name": "ADV-2008-2772", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2772"}, {"tags": ["x_refsource_MISC"], "url": "http://www.voipshield.com/research-details.php?id=122"}, {"name": "32204", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32204"}, {"name": "avaya-cm-setstatic-command-execution(45749)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45749"}, {"tags": ["x_refsource_MISC"], "url": "http://www.voipshield.com/research-details.php?id=121"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5709", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "avaya-cm-backuphistory-cmd-execution(45747)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45747"}, {"name": "31645", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31645"}, {"name": "ADV-2008-2772", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2772"}, {"name": "http://www.voipshield.com/research-details.php?id=122", "refsource": "MISC", "url": "http://www.voipshield.com/research-details.php?id=122"}, {"name": "32204", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32204"}, {"name": "avaya-cm-setstatic-command-execution(45749)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45749"}, {"name": "http://www.voipshield.com/research-details.php?id=121", "refsource": "MISC", "url": "http://www.voipshield.com/research-details.php?id=121"}, {"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5709", "datePublished": "2008-12-24T17:00:00", "dateReserved": "2008-12-24T00:00:00", "dateUpdated": "2017-08-07T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C4030E5D-BC15-481D-A15E-98FAE65130D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "BBD119B9-FE11-4165-943D-119E906DC013", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*", "matchCriteriaId": "1EAA2BC9-4794-4441-8AA8-3C1B7297FD06", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:communication_manager:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9F0B0D66-9900-4B9A-A892-31B8607DA852", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5DE700B-B830-445B-AF08-4AD28EF1BE58", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15215:*:*:*:*:*:*", "matchCriteriaId": "522FD345-91ED-4FE2-8069-028C3A2E3974", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15500:*:*:*:*:*:*", "matchCriteriaId": "3507CABD-74EE-4A53-9C09-AF38B3F218F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "825C1D4E-CD86-4122-84D7-CF1CB4CF8F10", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:communication_manager:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "84E2136B-6FE3-4548-A89D-444ED9393C22", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:communication_manager:5.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "FB4B7CCA-3961-48BC-ABFD-A608B39BD921", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:communication_manager:5.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "F9DD5F5B-5F44-422C-B9D9-731B53981BEB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades sin especificar en la interfaz de gesti\u00f3n web en Avaya Communication Manager (CM) 3.1 antes de 3.1.4 SP2, 4.0 antes de 4.0.3 SP1 y 5.0 antes de 5.0 SP3 permite a usuarios remotamente autentificados ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores de ataque desconocidos en los componentes (1) Set Static Routes y (2) Backup History."}], "id": "CVE-2008-5709", "lastModified": "2017-08-08T01:33:29.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-12-24T18:29:15.780", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32204"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/31645"}, {"source": "cve@mitre.org", "url": "http://www.voipshield.com/research-details.php?id=121"}, {"source": "cve@mitre.org", "url": "http://www.voipshield.com/research-details.php?id=122"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2772"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45747"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45749"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}