Vulnerability Description
Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response.
CVSS Score
9.6
CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Avaya | Ip Office | < 10.1.1 |
Related Weaknesses (CWE)
References
- http://downloads.avaya.com/css/P8/documents/101044086Vendor Advisory
- http://hyp3rlinx.altervista.org/advisories/AVAYA-OFFICE-IP-%28IPO%29-v9.1.0-10.1
- http://packetstormsecurity.com/files/144883/Avaya-IP-Office-IPO-10.1-Soft-ConsolExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/101674Third Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/43121/ExploitThird Party AdvisoryVDB Entry
- http://downloads.avaya.com/css/P8/documents/101044086Vendor Advisory
- http://hyp3rlinx.altervista.org/advisories/AVAYA-OFFICE-IP-%28IPO%29-v9.1.0-10.1
- http://packetstormsecurity.com/files/144883/Avaya-IP-Office-IPO-10.1-Soft-ConsolExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/101674Third Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/43121/ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2017-11309?
CVE-2017-11309 is a vulnerability with a CVSS score of 9.6 (CRITICAL). Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response.
How severe is CVE-2017-11309?
CVE-2017-11309 has been rated CRITICAL with a CVSS base score of 9.6/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-11309?
Check the references section above for vendor advisories and patch information. Affected products include: Avaya Ip Office.