CVE-2008-6707

critical

Description

The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an "unnecessary default application," (4) unspecified scripts in the states folder, (5) an unspecified "default application" that lists server configuration, and (6) "full system help."

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/43395

https://exchange.xforce.ibmcloud.com/vulnerabilities/43394

https://exchange.xforce.ibmcloud.com/vulnerabilities/43393

https://exchange.xforce.ibmcloud.com/vulnerabilities/43389

https://exchange.xforce.ibmcloud.com/vulnerabilities/43384

https://exchange.xforce.ibmcloud.com/vulnerabilities/43381

http://www.vupen.com/english/advisories/2008/1943/references

http://www.voipshield.com/research-details.php?id=91

http://www.voipshield.com/research-details.php?id=90

http://www.voipshield.com/research-details.php?id=89

http://www.voipshield.com/research-details.php?id=88

http://www.voipshield.com/research-details.php?id=87

http://www.voipshield.com/research-details.php?id=86

http://www.securityfocus.com/bid/29939

http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm

http://secunia.com/advisories/30751

http://osvdb.org/46600

http://osvdb.org/46599

http://osvdb.org/46598

Details

Source: Mitre, NVD

Published: 2009-04-10

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.00415