CVE-2008-6707

Avaya Sip Enablement Services - Authentication Bypass

Title source: rule

Description

The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an "unnecessary default application," (4) unspecified scripts in the states folder, (5) an unspecified "default application" that lists server configuration, and (6) "full system help."

References (19)

[Vendor Advisory] http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm

[Various Sources] http://www.voipshield.com/research-details.php?id=86

[Various Sources] http://www.voipshield.com/research-details.php?id=87

[Various Sources] http://www.voipshield.com/research-details.php?id=88

[Various Sources] http://www.voipshield.com/research-details.php?id=89

[Various Sources] http://www.voipshield.com/research-details.php?id=90

[Various Sources] http://www.voipshield.com/research-details.php?id=91

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/43381

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/43384

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/43389

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/43393

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/43394

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/43395

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/29939

[Third Party Advisory, VDB Entry] http://osvdb.org/46598

[Third Party Advisory, VDB Entry] http://osvdb.org/46599

[Third Party Advisory, VDB Entry] http://osvdb.org/46600

[Third Party Advisory] http://secunia.com/advisories/30751

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/1943/references

Scores

EPSS 0.0042

EPSS Percentile 61.3%

Classification

CWE

CWE-287

Status draft

Affected Products (13)

avaya/sip_enablement_services

avaya/sip_enablement_services

avaya/sip_enablement_services

avaya/sip_enablement_services

avaya/communication_manager

avaya/communication_manager

avaya/communication_manager

avaya/communication_manager

avaya/communication_manager

avaya/communication_manager

avaya/communication_manager

avaya/communication_manager

avaya/communication_manager

Timeline

Published Apr 10, 2009

Tracked Since Feb 18, 2026