Vulnerability Description
The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service (messaging outage) or gain privileges via an update request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Avaya | Sip Enablement Services | 5.0 |
| Avaya | S8300C Server | All versions |
| Avaya | Communication Manager | 5.0 |
Related Weaknesses (CWE)
References
- http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm
- http://www.securityfocus.com/bid/30758
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44585
- http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm
- http://www.securityfocus.com/bid/30758
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44585
FAQ
What is CVE-2008-3778?
CVE-2008-3778 is a vulnerability with a CVSS score of 7.5 (HIGH). The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core rout...
How severe is CVE-2008-3778?
CVE-2008-3778 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-3778?
Check the references section above for vendor advisories and patch information. Affected products include: Avaya Sip Enablement Services, Avaya S8300C Server, Avaya Communication Manager.