Avaya IP Office VOIP Server

Platform Information https://support.avaya.com/products/P0160/ip-office-platform/
Search Engine Search on Google
End of Sales -
End of Support -
Wired Connection -
Wireless Connection -
Fingerprinting Source HTTP MAC OUI NIC VENDOR HTTPS
Added at Jul 09, 2019
Manufacturer Name Avaya Inc.
Homepage http://avaya.com/
Headquarters United States of America
Business Status Ongoing

Platform’s Common Vulnerabilities and Exposures (CVE)
CVE-ID
Severity v3.0
Severity v2.0
Description
CVE-2016-5285
11/15/2019
MEDIUM
Null pointer dereference vulnerability exists in K11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime in NSS before 3.26, which causes the TLS/SSL server using NSS to crash.
CVE-2018-15614
01/23/2019
MEDIUM
LOW
A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks via fields in the Conference Scheduler Service that could affect other application users. Affected versions of IP Office include 10.0 through 10.1 SP3 and 11.0 versions prior to 11.0 SP1.
CVE-2018-15610
09/12/2018
HIGH
HIGH
A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2.
CVE-2017-11309
11/10/2017
CRITICAL
MEDIUM
Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response.
Manufacturer’s Common Vulnerabilities and Exposures (CVE)
CVE-ID
Severity v3.0
Severity v2.0
Description
CVE-2007-5830
11/05/2007
HIGH
Unspecified vulnerability in the administrative interface in Avaya Messaging Storage Server (MSS) 3.1 before SP1, and Message Networking (MN) 3.1, allows remote attackers to cause a denial of service via unspecified vectors related to "input validation."
CVE-2007-5556
10/18/2007
HIGH
Unspecified vulnerability in the Avaya VoIP Handset allows remote attackers to cause a denial of service (reboot) via crafted packets. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
CVE-2007-3286
09/19/2007
MEDIUM
Multiple buffer overflows in unspecified ActiveX controls in COM objects in Avaya IP Softphone R5.2 before SP3, and R6.0, allow remote attackers to execute arbitrary code via unspecified vectors.
CVE-2007-3322
06/21/2007
MEDIUM
The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware uses a constant media port number for calls, which allows remote attackers to cause a denial of service (audio quality loss) via a flood of packets to the RTP port.
CVE-2007-3321
06/21/2007
MEDIUM
The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware allows remote attackers to cause a denial of service (device reboot) via a flood of packets to the BOOTP port (68/udp).