Lucene search

AvayaCVE-2018-15610

HistorySep 12, 2018 - 9:29 p.m.

CVE-2018-15610

2018-09-1221:29:00

CWE-284

CWE-22

avaya

web.nvd.nist.gov

cve-2018-15610

avaya ip office

one-x portal

vulnerability

authentication

file deletion

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.001

Percentile

35.3%

JSON

A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2.

Affected configurations

Nvd

Node

avayaip_officeMatch9.1

avayaip_officeMatch9.1sp1

avayaip_officeMatch9.1sp10

avayaip_officeMatch9.1sp11

avayaip_officeMatch9.1sp12

avayaip_officeMatch9.1sp2

avayaip_officeMatch9.1sp3

avayaip_officeMatch9.1sp4

avayaip_officeMatch9.1sp5

avayaip_officeMatch9.1sp6

avayaip_officeMatch9.1sp7

avayaip_officeMatch9.1sp8

avayaip_officeMatch9.1sp9

avayaip_officeMatch10.0

avayaip_officeMatch10.0sp1

avayaip_officeMatch10.0sp2

avayaip_officeMatch10.0sp3

avayaip_officeMatch10.0sp4

avayaip_officeMatch10.0sp5

avayaip_officeMatch10.0sp6

avayaip_officeMatch10.0sp7

avayaip_officeMatch10.1

avayaip_officeMatch10.1sp1

avayaip_officeMatch10.1sp2

VendorProductVersionCPE
avayaip_office9.1cpe:2.3:a:avaya:ip_office:9.1:*:*:*:*:*:*:*
avayaip_office9.1cpe:2.3:a:avaya:ip_office:9.1:sp1:*:*:*:*:*:*
avayaip_office9.1cpe:2.3:a:avaya:ip_office:9.1:sp10:*:*:*:*:*:*
avayaip_office9.1cpe:2.3:a:avaya:ip_office:9.1:sp11:*:*:*:*:*:*
avayaip_office9.1cpe:2.3:a:avaya:ip_office:9.1:sp12:*:*:*:*:*:*
avayaip_office9.1cpe:2.3:a:avaya:ip_office:9.1:sp2:*:*:*:*:*:*
avayaip_office9.1cpe:2.3:a:avaya:ip_office:9.1:sp3:*:*:*:*:*:*
avayaip_office9.1cpe:2.3:a:avaya:ip_office:9.1:sp4:*:*:*:*:*:*
avayaip_office9.1cpe:2.3:a:avaya:ip_office:9.1:sp5:*:*:*:*:*:*
avayaip_office9.1cpe:2.3:a:avaya:ip_office:9.1:sp6:*:*:*:*:*:*

Vendor	Product	Version	CPE
avaya	ip_office	9.1	cpe:2.3:a:avaya:ip_office:9.1:::::::*
avaya	ip_office	9.1	cpe:2.3:a:avaya:ip_office:9.1:sp1::::::
avaya	ip_office	9.1	cpe:2.3:a:avaya:ip_office:9.1:sp10::::::
avaya	ip_office	9.1	cpe:2.3:a:avaya:ip_office:9.1:sp11::::::
avaya	ip_office	9.1	cpe:2.3:a:avaya:ip_office:9.1:sp12::::::
avaya	ip_office	9.1	cpe:2.3:a:avaya:ip_office:9.1:sp2::::::
avaya	ip_office	9.1	cpe:2.3:a:avaya:ip_office:9.1:sp3::::::
avaya	ip_office	9.1	cpe:2.3:a:avaya:ip_office:9.1:sp4::::::
avaya	ip_office	9.1	cpe:2.3:a:avaya:ip_office:9.1:sp5::::::
avaya	ip_office	9.1	cpe:2.3:a:avaya:ip_office:9.1:sp6::::::

Rows per page:

1-10 of 241

CNA Affected

[
  {
    "product": "IP Office",
    "vendor": "Avaya",
    "versions": [
      {
        "status": "affected",
        "version": "9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2"
      }
    ]
  }
]

References

downloads.avaya.com/css/P8/documents/101051984

packetstormsecurity.com/files/149284/Avaya-one-X-9.x-10.0.x-10.1.x-Arbitrary-File-Disclosure-Deletion.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.001

Percentile

35.3%

JSON

Related for CVE-2018-15610