Lucene search

AvayaCVELIST:CVE-2018-15610

HistorySep 12, 2018 - 9:00 p.m.

CVE-2018-15610 Improper access controls in IP Office one-X Portal

2018-09-1221:00:00

CWE-284

avaya

www.cve.org

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

35.3%

JSON

A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2.

CNA Affected

[
  {
    "product": "IP Office",
    "vendor": "Avaya",
    "versions": [
      {
        "status": "affected",
        "version": "9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2"
      }
    ]
  }
]

References

downloads.avaya.com/css/P8/documents/101051984

packetstormsecurity.com/files/149284/Avaya-one-X-9.x-10.0.x-10.1.x-Arbitrary-File-Disclosure-Deletion.html

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

35.3%

JSON

Related for CVELIST:CVE-2018-15610