CVE-2012-3811
Published Jul 3, 2012
Last updated 12 years ago
Overview
- Description
- Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it via a direct request.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Evaluator
- Comment
- Per: http://cwe.mitre.org/data/definitions/434.html 'CWE-434: Unrestricted Upload of File with Dangerous Type'
- Impact
- -
- Solution
- -
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:ip_office_customer_call_reporter:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1D595B22-63D4-4285-AD5C-7A3F8F22457B"
},
{
"criteria": "cpe:2.3:a:avaya:ip_office_customer_call_reporter:8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FF2A34F3-AF83-4217-9D0C-5883CD5486A8"
}
],
"operator": "OR"
}
]
}
]