Vulnerability Description
Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts "subscriber table passwords," (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts "subscriber table passwords."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Avaya | Sip Enablement Services | 3.0 |
| Avaya | Communication Manager | 3.1 |
References
- http://osvdb.org/46602
- http://secunia.com/advisories/30751
- http://support.avaya.com/elmodocs2/security/ASA-2008-268.htmVendor Advisory
- http://www.securityfocus.com/bid/29939
- http://www.voipshield.com/research-details.php?id=81
- http://www.voipshield.com/research-details.php?id=82
- http://www.voipshield.com/research-details.php?id=83
- http://www.voipshield.com/research-details.php?id=84
- http://www.voipshield.com/research-details.php?id=85
- http://www.vupen.com/english/advisories/2008/1943/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43382
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43383
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43387
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43388
- http://osvdb.org/46602
FAQ
What is CVE-2008-6706?
CVE-2008-6706 is a vulnerability with a CVSS score of 7.8 (HIGH). Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtai...
How severe is CVE-2008-6706?
CVE-2008-6706 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-6706?
Check the references section above for vendor advisories and patch information. Affected products include: Avaya Sip Enablement Services, Avaya Communication Manager.