APP: Avaya IP Office Customer Call Reporter ImageUpload.ashx Remote Code Execution
This signature detects attempts to exploit a known vulnerability in the Avaya IP Office Customer Call Reporter. A successful attack can lead to arbitrary remote code execution within the context of the server.
Extended Description
Avaya IP Office Customer Call Reporter is prone to a remote code-execution vulnerability. Attackers can leverage this issue to execute arbitrary code with the privileges of the user running the affected application. Avaya IP Office Customer Call Reporter 7.0 and 8.0 are vulnerable; other versions may also be affected.
Affected Products
Avaya ip_office_customer_call_reporter
Short Name
APP:AVAYA-CCRWEBCLIENT-RCE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
Avaya CVE-2012-3811 Call Code Customer Execution IP ImageUpload.ashx Office Remote Reporter bid:54225
Release Date
10/30/2012
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Avaya
CVSS Score
10.0