Avaya IP Office Contact Center CVE-2017-11309 Remote Buffer Overflow Vulnerability

Avaya IP Office Contact Center is prone to a remote buffer-overflow vulnerability.

Attackers can exploit this issue to execute arbitrary code within the context of the user. Failed attempts will likely cause a denial-of-service condition.
Avaya IP Office (IPO) versions 9.1.0 through 10.1 are vulnerable.

Information

Bugtraq ID: 101674
Class: Boundary Condition Error
CVE: CVE-2017-11309

Remote: Yes
Local: No
Published: Nov 03 2017 12:00AM
Updated: Nov 03 2017 12:00AM
Credit: John Page.
Vulnerable: Avaya IP Office Contact Center 9.1
Avaya IP Office Contact Center 10.1
Avaya IP Office Contact Center 10.0

Not Vulnerable: Avaya IP Office Contact Center 10.1.1

Exploit

The following exploit code is available:

/data/vulnerabilities/exploits/101674.py

References:

Avaya Homepage (Avaya Inc.)
IP Office SoftConsole Buffer Overflow (Avaya)

Source: www.securityfocus.com

Exploit Collector

Search Exploit