CVE-2012-3811

Avaya IP Office Customer Call Reporter - Unrestricted File Upload

Title source: rule

Description

Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it via a direct request.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/21847

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/avaya_ccr_imageupload_exec.rb

View Code ZIP pw:eip

References (2)

[Third Party Advisory] http://zerodayinitiative.com/advisories/ZDI-12-106/

[Vendor Advisory] https://downloads.avaya.com/css/P8/documents/100164021

Scores

EPSS 0.7905

EPSS Percentile 99.1%

Details

Status published

Products (2)

avaya/ip_office_customer_call_reporter 7.0

avaya/ip_office_customer_call_reporter 8.0

Published Jul 03, 2012

Tracked Since Feb 18, 2026