Description
Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components.
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45747
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/31645
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2772
Various Sources x_refsource_misc
http://www.voipshield.com/research-details.php?id=122
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32204
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45749
Various Sources x_refsource_misc
http://www.voipshield.com/research-details.php?id=121
Vendor Advisory x_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm
Scores
EPSS
0.0335
EPSS Percentile
87.3%
Details
CWE
CWE-20
Status
published
Products (8)
avaya/communication_manager
3.1.1
avaya/communication_manager
3.1.2
avaya/communication_manager
3.1.3
avaya/communication_manager
3.1.4 sp1
avaya/communication_manager
4.0
avaya/communication_manager
4.0.1 (3 CPE variants)
avaya/communication_manager
4.0.3
avaya/communication_manager
5.0 (3 CPE variants)
Published
Dec 24, 2008
Tracked Since
Feb 18, 2026