Vulnerabilities > CVE-2012-3811 - Unspecified vulnerability in Avaya IP Office Customer Call Reporter 7.0/8.0
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it via a direct request.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
| description | Avaya IP Office Customer Call Reporter ImageUpload.ashx Remote Command Execution. CVE-2012-3811. Remote exploit for windows platform |
| id | EDB-ID:21847 |
| last seen | 2016-02-02 |
| modified | 2012-10-10 |
| published | 2012-10-10 |
| reporter | metasploit |
| source | https://www.exploit-db.com/download/21847/ |
| title | Avaya IP Office Customer Call Reporter ImageUpload.ashx Remote Command Execution |
Metasploit
| description | This module exploits an authentication bypass vulnerability on Avaya IP Office Customer Call Reporter, which allows a remote user to upload arbitrary files through the ImageUpload.ashx component. It can be abused to upload and execute arbitrary ASP .NET code. The vulnerability has been tested successfully on Avaya IP Office Customer Call Reporter 7.0.4.2 and 8.0.8.15 on Windows 2003 SP2. |
| id | MSF:EXPLOIT/WINDOWS/HTTP/AVAYA_CCR_IMAGEUPLOAD_EXEC |
| last seen | 2020-06-13 |
| modified | 2019-08-02 |
| published | 2012-10-08 |
| references | |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/http/avaya_ccr_imageupload_exec.rb |
| title | Avaya IP Office Customer Call Reporter ImageUpload.ashx Remote Command Execution |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/117208/avaya_ccr_imageupload_exec.rb.txt |
| id | PACKETSTORM:117208 |
| last seen | 2016-12-05 |
| published | 2012-10-08 |
| reporter | rgod |
| source | https://packetstormsecurity.com/files/117208/Avaya-IP-Office-Customer-Call-Reporter-Command-Execution.html |
| title | Avaya IP Office Customer Call Reporter Command Execution |
Saint
| bid | 54225 |
| description | Avaya IP Office Customer Call Reporter ImageUpload.ashx file upload |
| id | net_avayaipofficever |
| osvdb | 83399 |
| title | avaya_ip_office_customer_call_reporter_imageupload |
| type | remote |