CVE-2017-11309

CRITICAL

Avaya IP Office < 10.1.1 - Remote Code Execution via SoftConsole Long Response

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-11309. PoCs published by hyp3rlinx.

AI-analyzed exploit summary This exploit demonstrates a remote buffer overflow in Avaya IP Office SoftConsole v9.1.0-10.1 by sending a maliciously crafted payload to a client connecting to a malicious server. The payload includes shellcode and a structured exception handler (SEH) bypass to achieve arbitrary code execution.

Description

Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response.

Exploits (1)

exploitdb WORKING POC

by hyp3rlinx · textremotewindows

https://www.exploit-db.com/exploits/43121

View Code ZIP pw:eip

This exploit demonstrates a remote buffer overflow in Avaya IP Office SoftConsole v9.1.0-10.1 by sending a maliciously crafted payload to a client connecting to a malicious server. The payload includes shellcode and a structured exception handler (SEH) bypass to achieve arbitrary code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Avaya IP Office SoftConsole v9.1.0-10.1

No auth needed

Prerequisites: Attacker must convince victim to connect to a malicious server · Victim must be using vulnerable Avaya SoftConsole version

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/101674

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/144883/Avaya-IP-Office-IPO-10.1-Soft-Console-Remote-Buffer-Overflow.html

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/43121/

Vendor Advisory x_refsource_confirm

http://downloads.avaya.com/css/P8/documents/101044086

Various Sources x_refsource_misc

http://hyp3rlinx.altervista.org/advisories/AVAYA-OFFICE-IP-%28IPO%29-v9.1.0-10.1-SOFT-CONSOLE-REMOTE-BUFFER-OVERFLOW-0DAY.txt

Scores

CVSS v3 9.6

EPSS 0.0940

EPSS Percentile 94.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (1)

avaya/ip_office < 10.1.1

Published Nov 10, 2017

Tracked Since Feb 18, 2026