CVE-2008-6707

{"id": "CVE-2008-6707", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-04-10T22:00:00.670", "references": [{"url": "http://osvdb.org/46598", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/46599", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/46600", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/30751", "source": "cve@mitre.org"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/29939", "source": "cve@mitre.org"}, {"url": "http://www.voipshield.com/research-details.php?id=86", "source": "cve@mitre.org"}, {"url": "http://www.voipshield.com/research-details.php?id=87", "source": "cve@mitre.org"}, {"url": "http://www.voipshield.com/research-details.php?id=88", "source": "cve@mitre.org"}, {"url": "http://www.voipshield.com/research-details.php?id=89", "source": "cve@mitre.org"}, {"url": "http://www.voipshield.com/research-details.php?id=90", "source": "cve@mitre.org"}, {"url": "http://www.voipshield.com/research-details.php?id=91", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/1943/references", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43381", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43384", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43389", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43393", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43394", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43395", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an \"unnecessary default application,\" (4) unspecified scripts in the states folder, (5) an unspecified \"default application\" that lists server configuration, and (6) \"full system help.\""}, {"lang": "es", "value": "El interfase de administraci\u00f3n web de Avaya SIP Enablement Services (SES) v3.x y v4.0, como las usadas en Avaya Communication Manager v3.1.x no realiza autentificaci\u00f3n para ciertas tareas, lo que permite a atacantes remotos obtener informaci\u00f3n sensible y acceso a funcionalidades restringidas a trav\u00e9s de (1) la utilidad de instalaci\u00f3n de certificados, (2) secuencias de comandos no espec\u00edficas en el directorio de objetos, (3) una \"aplicaci\u00f3n por defecto no necesaria\", (4) secuencias de c\u00f3digo no espec\u00edficas en el directorio \"States\",(5) una \"aplicaci\u00f3n por defecto\" no espec\u00edfica que lista la configuraci\u00f3n del servidor, y (6) \"ayuda del sistema completa\"."}], "lastModified": "2017-08-17T01:29:30.347", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:avaya:sip_enablement_services:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8D4881F-650A-4FA1-B604-70EBBED41AE7"}, {"criteria": "cpe:2.3:a:avaya:sip_enablement_services:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9EB9ECB-9ABF-40ED-9116-D3FE9FC73B38"}, {"criteria": "cpe:2.3:a:avaya:sip_enablement_services:3.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43F41650-7E55-436A-9935-8CE88B428680"}, {"criteria": "cpe:2.3:a:avaya:sip_enablement_services:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BFF25B3-B7C7-479C-8C2A-995E568C3395"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88F5C363-3A38-43FC-A06D-73E280AB844B"}, {"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4030E5D-BC15-481D-A15E-98FAE65130D9"}, {"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28"}, {"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBD119B9-FE11-4165-943D-119E906DC013"}, {"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89F99C5C-C184-4A5C-B8BA-F558C4A38730"}, {"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1EAA2BC9-4794-4441-8AA8-3C1B7297FD06"}, {"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.4:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "423E4EEB-3D6F-449E-B623-C8D051E8FA3B"}, {"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87089C0E-2241-46A7-93EE-EC41D52A89C6"}, {"criteria": "cpe:2.3:a:avaya:communication_manager:3.1.5:sp0:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BD89D61-0B42-4DDE-99F1-71570A37A136"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}