CVE-2012-3811 - Unspecified vulnerability in Avaya IP Office Customer Call Reporter 7.0/8.0

CVSS: 10.0 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, low complexity, avaya, critical, exploit available, metasploit

Summary

Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it via a direct request. Per: http://cwe.mitre.org/data/definitions/434.html 'CWE-434: Unrestricted Upload of File with Dangerous Type'

Vulnerable Configurations

Part: Application
Description: Avaya
Count: 2

Exploit-Db

description: Avaya IP Office Customer Call Reporter ImageUpload.ashx Remote Command Execution. CVE-2012-3811. Remote exploit for windows platform
id: EDB-ID:21847
last seen: 2016-02-02
modified: 2012-10-10
published: 2012-10-10
reporter: metasploit
source: https://www.exploit-db.com/download/21847/
title: Avaya IP Office Customer Call Reporter ImageUpload.ashx Remote Command Execution

Metasploit

description: This module exploits an authentication bypass vulnerability on Avaya IP Office Customer Call Reporter, which allows a remote user to upload arbitrary files through the ImageUpload.ashx component. It can be abused to upload and execute arbitrary ASP .NET code. The vulnerability has been tested successfully on Avaya IP Office Customer Call Reporter 7.0.4.2 and 8.0.8.15 on Windows 2003 SP2.
id: MSF:EXPLOIT/WINDOWS/HTTP/AVAYA_CCR_IMAGEUPLOAD_EXEC
last seen: 2020-06-13
modified: 2019-08-02
published: 2012-10-08
references
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/http/avaya_ccr_imageupload_exec.rb
title: Avaya IP Office Customer Call Reporter ImageUpload.ashx Remote Command Execution

Packetstorm

data source: https://packetstormsecurity.com/files/download/117208/avaya_ccr_imageupload_exec.rb.txt
id: PACKETSTORM:117208
last seen: 2016-12-05
published: 2012-10-08
reporter: rgod
source: https://packetstormsecurity.com/files/117208/Avaya-IP-Office-Customer-Call-Reporter-Command-Execution.html
title: Avaya IP Office Customer Call Reporter Command Execution

Saint

bid: 54225
description: Avaya IP Office Customer Call Reporter ImageUpload.ashx file upload
id: net_avayaipofficever
osvdb: 83399
title: avaya_ip_office_customer_call_reporter_imageupload
type: remote