CVE-2008-3081

Multiple unspecified "input validation" vulnerabilities in the Web management interface (aka Messaging Administration interface) in Avaya Message Storage Server (MSS) 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user vexvm via vectors related to (1) SFTP Remote Store configuration; (2) remote FTP storage settings; (3) name server lookup; (4) pinging another host; (5) TCP/IP Networking parameter configuration; (6) the external hosts configuration main page; (7) adding and changing external hosts; (8) Windows domain parameter configuration; (9) date, time, and NTP server configuration; (10) alarm settings; (11) the command line history form; (12) the maintenance form; and (13) the server events form.

Published: 2008-07-08 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2008-3081 is rated Moderate Risk (58.4/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 3.06%). EPSS rose +2.35% over the last day, indicating growing attacker interest. Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2008-3081

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.71% 3.06% +2.35%
2 2025-03-17 0.32% 0.71% +0.39%
3 2023-10-02 0.32%

Full EPSS history (6 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2008-3081

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
6.5 2.0 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:S)
A single authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:P)
Partial availability impact.
 8.0 6.4 [email protected]

Weakness enumeration for CVE-2008-3081

Affected software / configurations for CVE-2008-3081

Vendor Product Version Raw CPE
avaya messaging_storage_server 3 cpe:2.3:a:avaya:messaging_storage_server:3:*:*:*:*:*:*:*
avaya messaging_storage_server 3.1 cpe:2.3:a:avaya:messaging_storage_server:3.1:*:*:*:*:*:*:*
avaya messaging_storage_server 4.0 cpe:2.3:a:avaya:messaging_storage_server:4.0:*:*:*:*:*:*:*

References for CVE-2008-3081

URL Tags
http://osvdb.org/46587
http://secunia.com/advisories/30777 Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2008-269.htm
http://www.securityfocus.com/bid/29938
http://www.voipshield.com/research-details.php?id=100
http://www.voipshield.com/research-details.php?id=101
http://www.voipshield.com/research-details.php?id=102
http://www.voipshield.com/research-details.php?id=103
http://www.voipshield.com/research-details.php?id=104
http://www.voipshield.com/research-details.php?id=92
http://www.voipshield.com/research-details.php?id=93
http://www.voipshield.com/research-details.php?id=94
http://www.voipshield.com/research-details.php?id=95
http://www.voipshield.com/research-details.php?id=96
http://www.voipshield.com/research-details.php?id=97
http://www.voipshield.com/research-details.php?id=98
http://www.voipshield.com/research-details.php?id=99
http://www.vupen.com/english/advisories/2008/1945/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/43422
https://exchange.xforce.ibmcloud.com/vulnerabilities/43423
https://exchange.xforce.ibmcloud.com/vulnerabilities/43424
cvelogic Threat Intelligence