CVE-2017-11309
Avaya IP Office (IPO) < 10.1 - 'SoftConsole' Remote Buffer Overflow (SEH)
Severity Score
9.6
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response.
Desbordamiento de búfer en el cliente de SoftConsole en Avaya IP Office en versiones anteriores a la 10.1.1 permite que servidores remotos ejecuten código arbitrario mediante una respuesta larga.
Avaya IP Office (IPO) versions 9.1.0 through 10.1 suffer from a soft console remote buffer overflow vulnerability.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-07-13 CVE Reserved
- 2017-11-05 CVE Published
- 2017-11-05 First Exploit
- 2024-08-05 CVE Updated
- 2025-03-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://hyp3rlinx.altervista.org/advisories/AVAYA-OFFICE-IP-%28IPO%29-v9.1.0-10.1-SOFT-CONSOLE-REMOTE-BUFFER-OVERFLOW-0DAY.txt | X_refsource_misc | |
| http://www.securityfocus.com/bid/101674 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/144883 | 2017-11-05 | |
| https://www.exploit-db.com/exploits/43121 | 2024-08-05 | |
| http://packetstormsecurity.com/files/144883/Avaya-IP-Office-IPO-10.1-Soft-Console-Remote-Buffer-Overflow.html | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://downloads.avaya.com/css/P8/documents/101044086 | 2023-11-07 |