9
CVE-2008-5709
- EPSS 4.67%
- Published 24.12.2008 18:29:15
- Last modified 09.04.2025 00:30:58
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components.
Data is provided by the National Vulnerability Database (NVD)
Avaya ≫ Communication Manager Version3.1.1
Avaya ≫ Communication Manager Version3.1.2
Avaya ≫ Communication Manager Version3.1.3
Avaya ≫ Communication Manager Version3.1.4 Updatesp1
Avaya ≫ Communication Manager Version4.0
Avaya ≫ Communication Manager Version4.0.1
Avaya ≫ Communication Manager Version4.0.1 Updatesp15215
Avaya ≫ Communication Manager Version4.0.1 Updatesp15500
Avaya ≫ Communication Manager Version4.0.3
Avaya ≫ Communication Manager Version5.0
Avaya ≫ Communication Manager Version5.0 Updatesp1
Avaya ≫ Communication Manager Version5.0 Updatesp2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.67% | 0.889 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9 | 8 | 10 |
AV:N/AC:L/Au:S/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.