CVE-2008-6573

CVSS V2 Medium 6.8 CVSS V3 None
Description
Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server.
Overview
  • CVE ID
  • CVE-2008-6573
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2009-04-01T22:30:00
  • Last Modified Date
  • 2017-08-17T01:29:24
Weakness Enumerations
CWE URL
CWE-89 http://cwe.mitre.org/data/definitions/89.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:avaya:communication_manager:*:*:*:*:*:*:*:* 1 OR 3.1
cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:* 1 OR
cpe:2.3:a:avaya:communication_manager:3.1.4:sp2:*:*:*:*:*:* 1 OR
cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:avaya:communication_manager:3.1.5:sp0:*:*:*:*:*:* 1 OR
cpe:2.3:a:avaya:communication_manager:4.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:avaya:communication_manager:5.0:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:P/I:P/A:P
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • PARTIAL
  • Base Score
  • 6.8
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8.6
  • Impact Score
  • 6.4
References
Reference URL Reference Tags
http://www.securityfocus.com/bid/28682
http://www.voipshield.com/research-details.php?id=26
http://support.avaya.com/elmodocs2/security/ASA-2008-150.htm
http://secunia.com/advisories/29744 Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2008-151.htm Vendor Advisory
http://www.voipshield.com/research-details.php?id=25
http://www.voipshield.com/research-details.php?id=22
http://osvdb.org/44285
http://osvdb.org/44284
http://osvdb.org/44286
https://exchange.xforce.ibmcloud.com/vulnerabilities/41733
https://exchange.xforce.ibmcloud.com/vulnerabilities/41730
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2008-6573
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6573
History
Created Old Value New Value Data Type Notes
2022-05-10 09:02:15 Added to TrackCVE