Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveAvayaCVE-2018-15615
HistorySep 24, 2018 - 1:00 p.m.

CVE-2018-15615

2018-09-2413:00:00
CWE-200
avaya
web.nvd.nist.gov
21
vulnerability
avaya
cms
supervisor
cve-2018-15615
nvd
information security
data breach

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

AI Score

4.5

Confidence

High

EPSS

0

Percentile

12.6%

JSON

A vulnerability in the Supervisor component of Avaya Call Management System allows local administrative user to extract sensitive information from users connecting to a remote CMS host. Affected versions of CMS Supervisor include R17.0.x and R18.0.x.

Affected configurations

Nvd
Node
avayacall_management_system_supervisorMatch17.0.0
OR
avayacall_management_system_supervisorMatch18.0.1.0
OR
avayacall_management_system_supervisorMatch18.0.2.0
VendorProductVersionCPE
avayacall_management_system_supervisor17.0.0cpe:2.3:a:avaya:call_management_system_supervisor:17.0.0:*:*:*:*:*:*:*
avayacall_management_system_supervisor18.0.1.0cpe:2.3:a:avaya:call_management_system_supervisor:18.0.1.0:*:*:*:*:*:*:*
avayacall_management_system_supervisor18.0.2.0cpe:2.3:a:avaya:call_management_system_supervisor:18.0.2.0:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Call Management System Supervisor",
    "vendor": "Avaya",
    "versions": [
      {
        "status": "affected",
        "version": "Affected verisons include R17.0.x and R18.0.x"
      }
    ]
  }
]

Related

nvd 1
prion 1
cvelist 1
nvd
nvd
CVE-2018-15615
2018-09-24 12:29:00
prion
prion
Design/Logic Flaw
2018-09-24 12:29:00
cvelist
cvelist
CVE-2018-15615 CMS Supervisor Information Disclosure
2018-09-24 13:00:00

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

AI Score

4.5

Confidence

High

EPSS

0

Percentile

12.6%

JSON
Related for CVE-2018-15615
nvd1prion1cvelist1