CVE-2008-3081
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple unspecified "input validation" vulnerabilities in the Web management interface (aka Messaging Administration interface) in Avaya Message Storage Server (MSS) 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user vexvm via vectors related to (1) SFTP Remote Store configuration; (2) remote FTP storage settings; (3) name server lookup; (4) pinging another host; (5) TCP/IP Networking parameter configuration; (6) the external hosts configuration main page; (7) adding and changing external hosts; (8) Windows domain parameter configuration; (9) date, time, and NTP server configuration; (10) alarm settings; (11) the command line history form; (12) the maintenance form; and (13) the server events form.
Múltiples vulnerabilidades no especificadas de "validación de entrada" en la interfaz de gestión Web (también conocida como Messaging Administration interface) en Avaya Message Storage Server (MSS) 3.x y 4.0, y puede que en Communication Manager 3.1.x, permiten a administradores autenticados en remoto ejecutar comandos de su elección como usuario vexvm mediante vectores relacionados con (1) la configuración de SFTP Remote Store; (2) las propiedades de almacenamiento remoto de FTP; (3) las búsquedas en servidores de nombres; (4) haciendo un ping a otro host; (5) la configuración del parámetro TCP/IP Networking; (6) la página inicial de la configuración del host externo; (7) añadiendo y modificando host externos; (8) la configuración del parámetro de dominio de Windows; (9) la configuración de la fecha, hora y servidor NTP; (10) las propiedades de la alarma; (11) el histórico de las líneas de comando; (12) el formato de mantenimiento; y (13) el formato de los eventos del servidor.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-07-08 CVE Reserved
- 2008-07-09 CVE Published
- 2023-10-02 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (21)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/30777 | 2017-08-08 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Avaya Search vendor "Avaya" | Messaging Storage Server Search vendor "Avaya" for product "Messaging Storage Server" | 3 Search vendor "Avaya" for product "Messaging Storage Server" and version "3" | - |
Affected
| ||||||
Avaya Search vendor "Avaya" | Messaging Storage Server Search vendor "Avaya" for product "Messaging Storage Server" | 3.1 Search vendor "Avaya" for product "Messaging Storage Server" and version "3.1" | - |
Affected
| ||||||
Avaya Search vendor "Avaya" | Messaging Storage Server Search vendor "Avaya" for product "Messaging Storage Server" | 4.0 Search vendor "Avaya" for product "Messaging Storage Server" and version "4.0" | - |
Affected
|