CVE-2008-3778

Published: Aug 25, 2008Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service (messaging outage) or gain privileges via an update request.

Affected (2)

Products: Avaya: Sip Enablement Services, Communication Manager

2 products

Sip Enablement Services

Communication Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Avaya Sip Enablement Services	Version 5.0

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Avaya Communication Manager	Version 5.0

Running on/with	Platform Versions
Avaya S8300c Server	All versions

Related CWEs

References (6)

http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm

Source: cve@mitre.org

http://www.securityfocus.com/bid/30758

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/44585

Source: cve@mitre.org

http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/30758

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/44585

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.