Lucene search

AvayaCVELIST:CVE-2018-15611

HistorySep 27, 2018 - 12:00 a.m.

CVE-2018-15611 Communication Manager Local Administrator PrivEsc

2018-09-2700:00:00

CWE-284

avaya

www.cve.org

6.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

12.8%

JSON

A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x version prior to 7.1.3.1.

CNA Affected

[
  {
    "product": "Communication Manager",
    "vendor": "Avaya",
    "versions": [
      {
        "lessThan": "7.x*",
        "status": "affected",
        "version": "7.1.3.1",
        "versionType": "custom"
      },
      {
        "lessThan": "6.3.x*",
        "status": "affected",
        "version": "6.3.x",
        "versionType": "custom"
      }
    ]
  }
]

References

downloads.avaya.com/css/P8/documents/101052550

6.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

12.8%

JSON

Related for CVELIST:CVE-2018-15611