Old-school Remote Command Exec Vulnerabilities on Avaya Intuity

Remember those old remote command exec vulns where you had a CGI script such as a perl program which would take input from the client to construct command strings that would then be passed to the shell environment? Well, there were tons of those affecting diagnostic scripts available on the web interface of Avaya Intuity Audix LX.

These vulnerabilities, although cool, are not critical since you need to be logged into the interface in order to exploit them. [...]

more | comments | comments rss | posted by