Lucene search

AvayaCVELIST:CVE-2019-7007

HistoryFeb 28, 2020 - 10:00 p.m.

CVE-2019-7007 Avaya Equinox Conferencing Management (iView) Directory Traversal Vulnerability

2020-02-2822:00:17

CWE-22

avaya

www.cve.org

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

8.6

Confidence

High

EPSS

0.002

Percentile

64.7%

JSON

A directory traversal vulnerability has been found in the Avaya Equinox Management(iView)versions R9.1.9.0 and earlier. Successful exploitation could potentially allow an unauthenticated attacker to access files that are outside the restricted directory on the remote server.

CNA Affected

[
  {
    "product": "Equinox Conferencing Management (iView)",
    "vendor": "Avaya",
    "versions": [
      {
        "lessThanOrEqual": "9.1.9.0",
        "status": "affected",
        "version": "9.1",
        "versionType": "custom"
      }
    ]
  }
]

References

downloads.avaya.com/css/P8/documents/101064450

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

8.6

Confidence

High

EPSS

0.002

Percentile

64.7%

JSON

Related for CVELIST:CVE-2019-7007