Vulnerability Details : CVE-2012-3811
Public exploit exists!
Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it via a direct request.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2012-3811
Probability of exploitation activity in the next 30 days: 92.73%
Percentile (the proportion of vulnerabilities scored at or below this one): ~99%
Metasploit modules for CVE-2012-3811
- Avaya IP Office Customer Call Reporter ImageUpload.ashx Remote Command Execution
  Disclosure Date: 2012-06-28
  First seen: 2020-04-26
  exploit/windows/http/avaya_ccr_imageupload_exec
  This module exploits an authentication bypass vulnerability on Avaya IP Office Customer Call Reporter, which allows a remote user to upload arbitrary files through the ImageUpload.ashx component. It can be abused to upload and execute arbitrary ASP .NET code. The v
CVSS scores for CVE-2012-3811
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST |
References for CVE-2012-3811
- https://downloads.avaya.com/css/P8/documents/100164021
  ASA-2012-222 (Vendor Advisory)
- http://zerodayinitiative.com/advisories/ZDI-12-106/
  ZDI-12-106 | Zero Day Initiative
Products affected by CVE-2012-3811
- cpe:2.3:a:avaya:ip_office_customer_call_reporter:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:ip_office_customer_call_reporter:7.0:*:*:*:*:*:*:*