CVE-2012-3811 – Avaya IP Office Customer Call Reporter ImageUpload Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2012-3811

Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it via a direct request. Vulnerabilidad de subida de fichero no restringido en ImageUpload.ashx en la aplicación Wallboard en Avaya IP Office Customer Call Reporter v7.0 anteriores a v7.0.5.8 Q1 2012 Maintenance Release y v8.0 anteriores a v8.0.9.13 Q1 2012 Maintenance Release, permite a atacantes remotos ejecutar código subiendo un fichero ejecutable y accediendo a él a través de una petición directa. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Avaya IP Office Customer Call Reporter. Authentication is not required to exploit this vulnerability. The specific flaw exists because Avaya IP Office Customer Call Reporter allows unauthenticated users to upload files to the webserver through ImageUpload.ashx. The uploaded files will not be stripped of their file extensions and the directory where they are uploaded to has no scripting restrictions. • https://www.exploit-db.com/exploits/21847 http://zerodayinitiative.com/advisories/ZDI-12-106 https://downloads.avaya.com/css/P8/documents/100164021 •