CVE-2012-3811

Avaya IP Office Customer Call Reporter 7.0-7.0.5.8 & 8.0-8.0.9.13 - RCE via Wallboard ImageUpload.ashx

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-3811. PoCs published by Metasploit, including Metasploit module exploits/windows/http/avaya_ccr_imageupload_exec.

AI-analyzed exploit summary This Metasploit module exploits an authentication bypass vulnerability in Avaya IP Office Customer Call Reporter to upload and execute arbitrary ASP .NET code via the ImageUpload.ashx component.

Description

Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it via a direct request.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/21847

View Code ZIP pw:eip

This Metasploit module exploits an authentication bypass vulnerability in Avaya IP Office Customer Call Reporter to upload and execute arbitrary ASP .NET code via the ImageUpload.ashx component.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Avaya IP Office Customer Call Reporter 7.0.4.2 and 8.0.8.15

No auth needed

Prerequisites: Network access to the target · Target running vulnerable Avaya IP Office Customer Call Reporter

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/avaya_ccr_imageupload_exec.rb

View Code ZIP pw:eip

This Metasploit module exploits an authentication bypass vulnerability in Avaya IP Office Customer Call Reporter to upload and execute arbitrary ASP .NET code via the ImageUpload.ashx component. It generates an ASPX payload containing an EXE, uploads it, and triggers execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Avaya IP Office Customer Call Reporter 7.0.4.2 and 8.0.8.15

No auth needed

Prerequisites: Network access to the target · ImageUpload.ashx component accessible

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory x_refsource_misc

http://zerodayinitiative.com/advisories/ZDI-12-106/

Vendor Advisory x_refsource_confirm

https://downloads.avaya.com/css/P8/documents/100164021

Scores

EPSS 0.6288

EPSS Percentile 99.1%

Details

Status published

Products (2)

avaya/ip_office_customer_call_reporter 7.0

avaya/ip_office_customer_call_reporter 8.0

Published Jul 03, 2012

Tracked Since Feb 18, 2026