[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Avaya Aura AES - Authorisation Bypass

To: "bugtraq@xxxxxxxxxxxxxxxxx" <bugtraq@xxxxxxxxxxxxxxxxx>, "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] Avaya Aura AES - Authorisation Bypass
From: Context IS - Disclosure <disclosure@xxxxxxxxxxxxxxx>
Date: Thu, 6 Jan 2011 10:11:53 +0000

===============================ADVISORY===============================
Systems Affected:    Avaya Aura AES (Application Enablement Services) 4.x.x 
Severity:            Medium
Category:            Authorisation Bypass
Author:              Context Information Security Ltd
Reported to vendor:  9th September 2010
Advisory Issued:     6th January 2011
===============================ADVISORY===============================
 
Description
-----------
The Avaya AES application suffers from an authorisation bypass vulnerability 
that allows a low level user to execute administrative functions.  
 
Analysis
--------
A flaw in the authorisation function validating whether a user is permitted 
to execute a desired function, allows low level users to execute some 
administrative functions leading to an authorisation bypass and privilege 
escalation vulnerability. 
 
Technologies Affected
------------------------------
 
Avaya Aura™ Application Enablement Services (4.x.x)
 
 
Vendor Response
-----------------------
 
https://support.avaya.com/css/P8/documents/100121813
 
 
Disclosure Timeline
--------------------------
9th September 2010 – Vendor Disclosure
10th December 2010 – Vendor Releases Advisory
 
 
Credits
---------
Ben Heinkel of Context Information Security Ltd
 
About Context Information Security
----------------------------------
 
Context Information Security is an independent security consultancy 
specialising 
in both technical security and information assurance services The company was 
founded in 1998. Its client base has grown steadily over the years, thanks in 
large 
part to personal recommendations from existing clients who value us as business 
partners. We believe our success is based on the value our clients place on our 
product-agnostic, holistic approach; the way we work closely with them to 
develop 
a tailored service; and to the independence, integrity and technical skills of 
our 
consultants.
The company’s client base now includes some of the most prestigious blue chip 
companies in the world, as well as government organisations.
 
The best security experts need to bring a broad portfolio of skills to the job, 
so Context has always sought to recruit staff with extensive business 
experience 
as well as technical expertise. Our aim is to provide effective and practical 
solutions, advice and support: when we report back to clients we always 
communicate 
our findings and recommendations in plain terms at a business level as well as 
in 
the form of an in-depth technical report.
 
Web:        www.contextis.co.uk
Email:      disclosure@xxxxxxxxxxxxxxx
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] RoomWizard Default Password and Sync Connector Credential Leak [CVE-2010-0214]
Next by Date: Re: [Full-disclosure] Getting root, the hard way
Previous by thread: [Full-disclosure] RoomWizard Default Password and Sync Connector Credential Leak [CVE-2010-0214]
Next by thread: [Full-disclosure] [USN-1038-1] dpkg vulnerability
Index(es):
- Date
- Thread