Lucene search

AvayaVULNRICHMENT:CVE-2021-25649

HistoryJun 24, 2021 - 8:55 a.m.

CVE-2021-25649 Avaya Utility Services Sensitive Information Disclosure Vulnerability

2021-06-2408:55:23

CWE-200

avaya

github.com

avaya

information disclosure

vulnerability

directory management

file management

privileged user

7.x versions

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

6.2

Confidence

Low

EPSS

Percentile

5.1%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects all 7.x versions of Avaya Aura Utility Services

CNA Affected

[
  {
    "vendor": "Avaya",
    "product": "Avaya Aura Utility Services",
    "versions": [
      {
        "status": "affected",
        "version": "7.0.0.0",
        "versionType": "custom",
        "lessThanOrEqual": "7.1.3.8"
      }
    ]
  }
]

References

support.avaya.com/css/P8/documents/101072728

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

6.2

Confidence

Low

EPSS

Percentile

5.1%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2021-25649