Vulnerability Details : CVE-2008-3778
The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service (messaging outage) or gain privileges via an update request.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2008-3778
Probability of exploitation activity in the next 30 days: 0.50%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 73 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2008-3778
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2008-3778
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-3778
Products affected by CVE-2008-3778
- cpe:2.3:a:avaya:communication_manager:5.0:*:*:*:*:*:*:*When used together with: Avaya » S8300c Server
- cpe:2.3:a:avaya:sip_enablement_services:5.0:*:*:*:*:*:*:*