Vulnerability Description
The server in Mitel NuPoint Messenger R11 and R3 sends usernames and passwords in cleartext to Exchange servers, which allows remote attackers to obtain sensitive information by sniffing the network.
CVSS Score
7.8
HIGH
AV:N/AC:L/Au:N/C:C/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitel | Mitel Nupoint Messenger | r3 |
Related Weaknesses (CWE)
References
- http://www.kb.cert.org/vuls/id/576996US Government Resource
- http://www.mitel.com/resources/NuPoint_and_Exchange.pdfVendor Advisory
- http://www.securityfocus.com/bid/34847
- http://www.kb.cert.org/vuls/id/576996US Government Resource
- http://www.mitel.com/resources/NuPoint_and_Exchange.pdfVendor Advisory
- http://www.securityfocus.com/bid/34847
FAQ
What is CVE-2008-6797?
CVE-2008-6797 is a vulnerability with a CVSS score of 7.8 (HIGH). The server in Mitel NuPoint Messenger R11 and R3 sends usernames and passwords in cleartext to Exchange servers, which allows remote attackers to obtain sensitive information by sniffing the network.
How severe is CVE-2008-6797?
CVE-2008-6797 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-6797?
Check the references section above for vendor advisories and patch information. Affected products include: Mitel Mitel Nupoint Messenger.