Vulnerability Details CVE-2017-11309
Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.286
EPSS Ranking 96.3%
CVSS Severity
CVSS v3 Score 9.6
CVSS v2 Score 6.8
References
- http://downloads.avaya.com/css/P8/documents/101044086
- http://hyp3rlinx.altervista.org/advisories/AVAYA-OFFICE-IP-%28IPO%29-v9.1.0-10.1-SOFT-CONSOLE-REMOTE-BUFFER-OVERFLOW-0DAY.txt
- http://packetstormsecurity.com/files/144883/Avaya-IP-Office-IPO-10.1-Soft-Console-Remote-Buffer-Overflow.html
- http://www.securityfocus.com/bid/101674
- https://www.exploit-db.com/exploits/43121/
- http://downloads.avaya.com/css/P8/documents/101044086
- http://hyp3rlinx.altervista.org/advisories/AVAYA-OFFICE-IP-%28IPO%29-v9.1.0-10.1-SOFT-CONSOLE-REMOTE-BUFFER-OVERFLOW-0DAY.txt
- http://packetstormsecurity.com/files/144883/Avaya-IP-Office-IPO-10.1-Soft-Console-Remote-Buffer-Overflow.html
- http://www.securityfocus.com/bid/101674
- https://www.exploit-db.com/exploits/43121/
Products affected by CVE-2017-11309
-
cpe:2.3:a:avaya:ip_office:10.0
-
cpe:2.3:a:avaya:ip_office:10.1
-
cpe:2.3:a:avaya:ip_office:10.1.0.7
-
cpe:2.3:a:avaya:ip_office:10.1.0.8
-
cpe:2.3:a:avaya:ip_office:8.1
-
cpe:2.3:a:avaya:ip_office:9.0
-
cpe:2.3:a:avaya:ip_office:9.1