CVE Vulnerability

CVE-2008-6706

Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts "subscriber table passwords," (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts "subscriber table passwords."

7.8 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

Scope

References
Link Resource
http://www.voipshield.com/research-details.php?id=82
http://www.voipshield.com/research-details.php?id=81
http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm Vendor Advisory
http://www.voipshield.com/research-details.php?id=85
http://www.voipshield.com/research-details.php?id=84
http://www.voipshield.com/research-details.php?id=83
http://secunia.com/advisories/30751
http://www.vupen.com/english/advisories/2008/1943/references
http://www.securityfocus.com/bid/29939
http://osvdb.org/46602
https://exchange.xforce.ibmcloud.com/vulnerabilities/43388
https://exchange.xforce.ibmcloud.com/vulnerabilities/43387
https://exchange.xforce.ibmcloud.com/vulnerabilities/43383
https://exchange.xforce.ibmcloud.com/vulnerabilities/43382
Configurations

Configuration 1
Information

Published : 2009-04-10 10:00

Updated : 2017-08-17 01:29

NVD link : CVE-2008-6706

Mitre link : CVE-2008-6706

Products Affected

Avaya

CWE
NVD-CWE-noinfo