CVE-2008-5709

high

Description

Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/45749

https://exchange.xforce.ibmcloud.com/vulnerabilities/45747

http://www.vupen.com/english/advisories/2008/2772

http://www.voipshield.com/research-details.php?id=122

http://www.voipshield.com/research-details.php?id=121

http://www.securityfocus.com/bid/31645

http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm

http://secunia.com/advisories/32204

Details

Source: Mitre, NVD

Published: 2008-12-24

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.05212