Advisory Details

October 18th, 2011

Avaya Identity Engines Ignition Server Remote Code Execution Vulnerability

ZDI-11-293
ZDI-CAN-1095

CVE ID
CVSS SCORE 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
AFFECTED VENDORS Avaya
AFFECTED PRODUCTS Identity Engines Ignition Server
TREND MICRO CUSTOMER PROTECTION Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 11673. For further product information on the TippingPoint IPS: http://www.tippingpoint.com
VULNERABILITY DETAILS


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Nortel/Avaya Identity Engines Ignition Server. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the AdminAccountManager process, which listens for GIOP requests over TCP ports 23456 and 23457 (SSL). The AdminAccountManager responds to remote requests for administrative functions without authentication. It is possible for a remote attacker to invoke the setAccountPassword operation for the default administrator account, effectively usurping administrator access. From there, it is trivial to execute arbitrary code remotely.

ADDITIONAL DETAILS Avaya has issued an update to correct this vulnerability. More details can be found at:
http://support.avaya.com/css/Products/P0622/Security%20Advisories
DISCLOSURE TIMELINE
  • 2011-04-01 - Vulnerability reported to vendor
  • 2011-10-18 - Coordinated public release of advisory
CREDIT AbdulAziz Hariri of ThirdEyeTesters
BACK TO ADVISORIES