SPIM Unauthenticated SQL Injection
The Avaya Communication Manager and the SIP Enablement Services (SES) allow leveraging the SIP protocol to improve the connectivity and openness of Communication Manager by allowing SIP-based clients to connect to the Communication Manager. By providing users the SIP Personal Information Manager (SPIM), users can configure certain parameters for their profiles.
Due to a flaw in the SPIM pages, an attacker can inject SQL commands prior to being required to enter a valid user name and password.
Communication Manager 3.1.x, Communication Manager 4.x
In order to address this vulnerability Avaya recommends upgrade to SES ver 5.1 or later. More details could be found in http://support.avaya.com/elmodocs2/security/ASA-2008-151.htm
In the short term it is recommended that a VoIP aware IPS product, such as VoIPguard, with signatures to detect attempts to exploit this issue, be implemented to prevent it from being exploited. Implementing best practices can limit the exposure of this issue by disallowing web access to the SPIM from unauthorized network locations.
Avaya customers with a valid support agreement may wish to speak with their support contact in order to obtain further vendor details.
Each line represents an individual vulnerability or group of vulnerabilities. For example, "UCM Multiple Hardcoded Passwords" is presented here in a single line but was reported to Nortel as sixteen (16) individual vulnerabilities.
Click on a level for description
Vendor Response LegendPatch available
Attempting to address the issue
No vendor response