CVE-2008-5709 - OpenCVE

Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Avaya	Communication Manager

Configuration 1 [-]

OR	cpe:2.3:a:avaya:communication_manager:3.1.1:::::::*
	cpe:2.3:a:avaya:communication_manager:3.1.2:::::::*
	cpe:2.3:a:avaya:communication_manager:3.1.3:::::::*
	cpe:2.3:a:avaya:communication_manager:3.1.4:sp1::::::
	cpe:2.3:a:avaya:communication_manager:4.0:::::::*
	cpe:2.3:a:avaya:communication_manager:4.0.1:::::::*
	cpe:2.3:a:avaya:communication_manager:4.0.1:sp15215::::::
	cpe:2.3:a:avaya:communication_manager:4.0.1:sp15500::::::
	cpe:2.3:a:avaya:communication_manager:4.0.3:::::::*
	cpe:2.3:a:avaya:communication_manager:5.0:::::::*
	cpe:2.3:a:avaya:communication_manager:5.0:sp1::::::
	cpe:2.3:a:avaya:communication_manager:5.0:sp2::::::

No data.

References

Link	Providers
http://secunia.com/advisories/32204
http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm
http://www.securityfocus.com/bid/31645
http://www.voipshield.com/research-details.php?id=121
http://www.voipshield.com/research-details.php?id=122
http://www.vupen.com/english/advisories/2008/2772
https://exchange.xforce.ibmcloud.com/vulnerabilities/45747
https://exchange.xforce.ibmcloud.com/vulnerabilities/45749

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-12-24T17:00:00

Updated: 2024-08-07T11:04:43.568Z

Reserved: 2008-12-24T00:00:00

Link: CVE-2008-5709

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-12-24T18:29:15.780

Modified: 2017-08-08T01:33:29.000

Link: CVE-2008-5709

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-10-08T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "avaya-cm-backuphistory-cmd-execution(45747)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45747"}, {"name": "31645", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31645"}, {"name": "ADV-2008-2772", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2772"}, {"tags": ["x_refsource_MISC"], "url": "http://www.voipshield.com/research-details.php?id=122"}, {"name": "32204", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32204"}, {"name": "avaya-cm-setstatic-command-execution(45749)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45749"}, {"tags": ["x_refsource_MISC"], "url": "http://www.voipshield.com/research-details.php?id=121"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5709", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "avaya-cm-backuphistory-cmd-execution(45747)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45747"}, {"name": "31645", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31645"}, {"name": "ADV-2008-2772", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2772"}, {"name": "http://www.voipshield.com/research-details.php?id=122", "refsource": "MISC", "url": "http://www.voipshield.com/research-details.php?id=122"}, {"name": "32204", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32204"}, {"name": "avaya-cm-setstatic-command-execution(45749)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45749"}, {"name": "http://www.voipshield.com/research-details.php?id=121", "refsource": "MISC", "url": "http://www.voipshield.com/research-details.php?id=121"}, {"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T11:04:43.568Z"}, "title": "CVE Program Container", "references": [{"name": "avaya-cm-backuphistory-cmd-execution(45747)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45747"}, {"name": "31645", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/31645"}, {"name": "ADV-2008-2772", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2772"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.voipshield.com/research-details.php?id=122"}, {"name": "32204", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32204"}, {"name": "avaya-cm-setstatic-command-execution(45749)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45749"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.voipshield.com/research-details.php?id=121"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5709", "datePublished": "2008-12-24T17:00:00", "dateReserved": "2008-12-24T00:00:00", "dateUpdated": "2024-08-07T11:04:43.568Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C4030E5D-BC15-481D-A15E-98FAE65130D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "BBD119B9-FE11-4165-943D-119E906DC013", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*", "matchCriteriaId": "1EAA2BC9-4794-4441-8AA8-3C1B7297FD06", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:communication_manager:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9F0B0D66-9900-4B9A-A892-31B8607DA852", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5DE700B-B830-445B-AF08-4AD28EF1BE58", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15215:*:*:*:*:*:*", "matchCriteriaId": "522FD345-91ED-4FE2-8069-028C3A2E3974", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15500:*:*:*:*:*:*", "matchCriteriaId": "3507CABD-74EE-4A53-9C09-AF38B3F218F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:communication_manager:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "825C1D4E-CD86-4122-84D7-CF1CB4CF8F10", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:communication_manager:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "84E2136B-6FE3-4548-A89D-444ED9393C22", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:communication_manager:5.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "FB4B7CCA-3961-48BC-ABFD-A608B39BD921", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:communication_manager:5.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "F9DD5F5B-5F44-422C-B9D9-731B53981BEB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades sin especificar en la interfaz de gesti\u00f3n web en Avaya Communication Manager (CM) 3.1 antes de 3.1.4 SP2, 4.0 antes de 4.0.3 SP1 y 5.0 antes de 5.0 SP3 permite a usuarios remotamente autentificados ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores de ataque desconocidos en los componentes (1) Set Static Routes y (2) Backup History."}], "id": "CVE-2008-5709", "lastModified": "2017-08-08T01:33:29.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-12-24T18:29:15.780", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32204"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/31645"}, {"source": "cve@mitre.org", "url": "http://www.voipshield.com/research-details.php?id=121"}, {"source": "cve@mitre.org", "url": "http://www.voipshield.com/research-details.php?id=122"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2772"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45747"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45749"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}