4 matches found
Avaya Aura Device Services - OS Command Injection
An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and earlier. id: CVE-2023-3722 info: name:...
CVE-2023-3722
creationtimestamp| type| source ---|---|--- 2024-11-19 19:43:20+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/9091 2025-06-12 21:02:26+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lrgszikoaa24...
Exploit for Unrestricted Upload of File with Dangerous Type in Avaya Aura_Device_Services
CVE-2023-3722 Python POC for CVE-2023-3722 Avaya Aura Device S...
CVE-2023-3722
Vulnerability summary (CVE-2023-3722) Avaya Aura Device Services Web, versions 8.1.4.0 and earlier, suffers an OS command injection via a malicious uploaded file, allowing remote code execution with the web server’s privileges. The issue affects the web interface and is documented as unauthentica...