Lucene search

AvayaCVELIST:CVE-2020-7034

HistoryApr 23, 2021 - 12:00 a.m.

CVE-2020-7034 Command injection in Avaya Session Border Controller for Enterprise

2021-04-2300:00:00

CWE-78

avaya

www.cve.org

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.5%

JSON

A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x

CNA Affected

[
  {
    "product": "Session Border Controller for Enterprise",
    "vendor": "Avaya",
    "versions": [
      {
        "status": "affected",
        "version": "7.x"
      },
      {
        "lessThanOrEqual": "8.1.1.x",
        "status": "affected",
        "version": "8.0",
        "versionType": "custom"
      }
    ]
  }
]

References

downloads.avaya.com/css/P8/documents/101075451

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.5%

JSON

Related for CVELIST:CVE-2020-7034