Avaya Aura AES - Authorisation Bypass

[Context IS - Disclosure <disclosure () contextis co uk>]

===============================ADVISORY===============================
Systems Affected:    Avaya Aura AES (Application Enablement Services) 4.x.x 
Severity:            Medium
Category:            Authorisation Bypass
Author:              Context Information Security Ltd
Reported to vendor:  9th September 2010
Advisory Issued:     6th January 2011
===============================ADVISORY===============================
 
Description
-----------
The Avaya AES application suffers from an authorisation bypass vulnerability 
that allows a low level user to execute administrative functions.  
 
Analysis
--------
A flaw in the authorisation function validating whether a user is permitted 
to execute a desired function, allows low level users to execute some 
administrative functions leading to an authorisation bypass and privilege 
escalation vulnerability. 
 
Technologies Affected
------------------------------
 
Avaya Aura™ Application Enablement Services (4.x.x)
 
 
Vendor Response
-----------------------
 
https://support.avaya.com/css/P8/documents/100121813
 
 
Disclosure Timeline
--------------------------
9th September 2010 – Vendor Disclosure
10th December 2010 – Vendor Releases Advisory
 
 
Credits
---------
Ben Heinkel of Context Information Security Ltd
 
About Context Information Security
----------------------------------
 
Context Information Security is an independent security consultancy specialising 
in both technical security and information assurance services The company was 
founded in 1998. Its client base has grown steadily over the years, thanks in large 
part to personal recommendations from existing clients who value us as business 
partners. We believe our success is based on the value our clients place on our 
product-agnostic, holistic approach; the way we work closely with them to develop 
a tailored service; and to the independence, integrity and technical skills of our 
consultants.
The company’s client base now includes some of the most prestigious blue chip 
companies in the world, as well as government organisations.
 
The best security experts need to bring a broad portfolio of skills to the job, 
so Context has always sought to recruit staff with extensive business experience 
as well as technical expertise. Our aim is to provide effective and practical 
solutions, advice and support: when we report back to clients we always communicate 
our findings and recommendations in plain terms at a business level as well as in 
the form of an in-depth technical report.
 
Web:        www.contextis.co.uk
Email:      disclosure () contextis co uk
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/