CVE-2008-5709

Avaya Communication Manager <3.1.4-5.0 - RCE

Title source: llm
STIX 2.1

Description

Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components.

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45747
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31645
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2772
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32204
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45749

Scores

EPSS 0.0335
EPSS Percentile 87.3%

Details

CWE
CWE-20
Status published
Products (8)
avaya/communication_manager 3.1.1
avaya/communication_manager 3.1.2
avaya/communication_manager 3.1.3
avaya/communication_manager 3.1.4 sp1
avaya/communication_manager 4.0
avaya/communication_manager 4.0.1 (3 CPE variants)
avaya/communication_manager 4.0.3
avaya/communication_manager 5.0 (3 CPE variants)
Published Dec 24, 2008
Tracked Since Feb 18, 2026