Avaya WinPDM < 3.8.5 Multiple Vulnerabilities

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

A phone administration application on the remote Windows host has
multiple vulnerabilities.

Description :

The version of Avaya WinPDM installed on the remote host has multiple
network services affected by memory corruption vulnerabilities. A
remote, unauthenticated attacker could exploit these issues to execute
arbitrary code.

This plugin determines if the vulnerable software is installed by
checking the file version of the Unite Host Router component of
WinPDM.

See also :

https://support.avaya.com/css/P8/documents/100140122

Solution :

Upgrade to Avaya WinPDM 3.8.5 (Unite Host Router 4.5.1.5) or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 54831 ()

Bugtraq ID: 47947

CVE ID: