Vulnerability CVE-2018-15610


Published: 2018-09-12

Description:
A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Avaya one-X 9.x / 10.0.x / 10.1.x Arbitrary File Disclosure / Deletion
Pedro Andujar
11.09.2018

Type:

CWE-22

(Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

Vendor: Avaya
Product: Ip office 
Version:
9.1
10.1
10.0

CVSS2 => (AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9/10
10/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
https://downloads.avaya.com/css/P8/documents/101051984
https://packetstormsecurity.com/files/149284/Avaya-one-X-9.x-10.0.x-10.1.x-Arbitrary-File-Disclosure-Deletion.html

Related CVE
CVE-2016-5285
Null pointer dereference vulnerability exists in K11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime in NSS before 3.26, which causes the TLS/SSL server using NSS to crash.
CVE-2019-7000
A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencing include all 8.x versions prior to 8.0 SP14 (8.0....
CVE-2019-7003
A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya C...
CVE-2018-8812
An issue was discovered in Avaya one-X Portal for IP Office 9.1.2.0 and prior. The DownloadToLocalDriveServlet function from the AFA portal is only intended to download backup ZIP files from the server to the operator desktop; however, a malicious us...
CVE-2019-7001
A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. Affected versions of IP Office Contact Center include all...
CVE-2019-7006
Avaya one-X Communicator uses weak cryptographic algorithms in the client authentication component that could allow a local attacker to decrypt sensitive information. Affected versions include all 6.2.x versions prior to 6.2 SP13.
CVE-2018-15617
A vulnerability in the "capro" (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated user to cause denial of service. Affected versions include 6.3.x, all 7.x versions prior to 7.1.3.2, and all 8...
CVE-2018-15614
A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks via fields in the Conference Scheduler Service that could affect other application users. Affected versions of...

Copyright 2019, cxsecurity.com

 

Back to Top