Vulnerability Description
Stack-based buffer overflow in cstore.exe in the Media Application Server (MAS) in Avaya Aura Application Server 5300 (formerly Nortel Media Application Server) 1.x before 1.0.2 and 2.0 before Patch Bundle 10 allows remote attackers to execute arbitrary code via a crafted cs_anams parameter in a CONTENT_STORE_ADMIN_REQ packet.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Avaya | Aura Application Server 5300 | 1.0 |
Related Weaknesses (CWE)
References
- http://zerodayinitiative.com/advisories/ZDI-11-260/
- https://downloads.avaya.com/css/P8/documents/100146108Vendor Advisory
- http://zerodayinitiative.com/advisories/ZDI-11-260/
- https://downloads.avaya.com/css/P8/documents/100146108Vendor Advisory
FAQ
What is CVE-2011-5096?
CVE-2011-5096 is a vulnerability with a CVSS score of 10.0 (HIGH). Stack-based buffer overflow in cstore.exe in the Media Application Server (MAS) in Avaya Aura Application Server 5300 (formerly Nortel Media Application Server) 1.x before 1.0.2 and 2.0 before Patch B...
How severe is CVE-2011-5096?
CVE-2011-5096 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-5096?
Check the references section above for vendor advisories and patch information. Affected products include: Avaya Aura Application Server 5300.