Lucene search

AvayaCVELIST:CVE-2021-25650

HistoryJun 24, 2021 - 8:55 a.m.

CVE-2021-25650 Avaya Aura Utility Services Privilege Escalation Vulnerability

2021-06-2408:55:25

CWE-250

avaya

www.cve.org

avaya

aura

utility services

privilege escalation

vulnerability

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

AI Score

8.8

Confidence

High

EPSS

Percentile

5.1%

JSON

A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services

CNA Affected

[
  {
    "product": "Avaya Aura Utility Services",
    "vendor": "Avaya",
    "versions": [
      {
        "lessThanOrEqual": "7.1.3.8",
        "status": "affected",
        "version": "7.0.0.0",
        "versionType": "custom"
      }
    ]
  }
]

References

support.avaya.com/css/P8/documents/101072728

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

AI Score

8.8

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2021-25650