CVE-2012-3811

Published: Jul 3, 2012Modified: Apr 29, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it via a direct request.

Affected (2)

Products: Avaya: Ip Office Customer Call Reporter

1 product

Ip Office Customer Call Reporter

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Avaya Ip Office Customer Call Reporter	Version 7.0
Avaya Ip Office Customer Call Reporter	Version 8.0

References (4)

http://zerodayinitiative.com/advisories/ZDI-12-106/

Source: cve@mitre.org

https://downloads.avaya.com/css/P8/documents/100164021

Source: cve@mitre.org

Vendor Advisory

http://zerodayinitiative.com/advisories/ZDI-12-106/

Source: af854a3a-2127-422b-91ae-364da2661108

https://downloads.avaya.com/css/P8/documents/100164021

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.