Lucene search

AvayaCVELIST:CVE-2021-25654

HistoryJun 25, 2021 - 8:15 p.m.

CVE-2021-25654 Avaya Aura Device Services Arbitrary Code Execution Vulnerability

2021-06-2520:15:12

CWE-378

avaya

www.cve.org

avaya

aura

device services

code execution

vulnerability

local user

scripts

7.0

8.1.4.0

CVSS3

6.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L

EPSS

Percentile

5.1%

JSON

An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. Affects 7.0 through 8.1.4.0 versions of Avaya Aura Device Services.

CNA Affected

[
  {
    "product": "Avaya Aura Devices Services",
    "vendor": "Avaya",
    "versions": [
      {
        "lessThanOrEqual": "8.1.4.0",
        "status": "affected",
        "version": "7.0.0",
        "versionType": "custom"
      }
    ]
  }
]

References

support.avaya.com/css/P8/documents/101076523

CVSS3

6.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2021-25654