Vulnerability Description
Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it via a direct request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Avaya | Ip Office Customer Call Reporter | 7.0 |
References
- http://zerodayinitiative.com/advisories/ZDI-12-106/
- https://downloads.avaya.com/css/P8/documents/100164021Vendor Advisory
- http://zerodayinitiative.com/advisories/ZDI-12-106/
- https://downloads.avaya.com/css/P8/documents/100164021Vendor Advisory
FAQ
What is CVE-2012-3811?
CVE-2012-3811 is a vulnerability with a CVSS score of 10.0 (HIGH). Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13...
How severe is CVE-2012-3811?
CVE-2012-3811 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-3811?
Check the references section above for vendor advisories and patch information. Affected products include: Avaya Ip Office Customer Call Reporter.