Lucene search

AvayaCVELIST:CVE-2024-7480

HistoryAug 08, 2024 - 4:04 p.m.

CVE-2024-7480 Improper access control in Avaya Aura System Manager

2024-08-0816:04:25

CWE-269

avaya

www.cve.org

avaya aura system manager

improper access control

cve-2024-7480

command-line interface

administrative privileges

CVSS3

4.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

EPSS

Percentile

9.5%

JSON

An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Aura System Manager",
    "vendor": "Avaya",
    "versions": [
      {
        "status": "affected",
        "version": "10.1.x.x"
      },
      {
        "status": "affected",
        "version": "10.2.x.x"
      }
    ]
  }
]

References

download.avaya.com/css/public/documents/101091159

CVSS3

4.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

EPSS

Percentile

9.5%

JSON

Related for CVELIST:CVE-2024-7480