Avaya has released an advisory covering CMS R12, R13/R13.1, R14 and Avaya IR 2.0, 3.0 that contain vulnerabilities that could lead successful security bypass or remote Denial of Service attacks. The issue at hand is actually in the underlying Solaris firewall. Full details can be found in the original advisories:
Avaya: http://support.avaya.com/elmodocs2/security/ASA-2008-119.htm
Solaris: http://sunsolve.sun.com/search/document.do?assetkey=1-66-200183-1