Vulnerability CVE-2018-8812


Published: 2019-05-10

Description:
An issue was discovered in Avaya one-X Portal for IP Office 9.1.2.0 and prior. The DownloadToLocalDriveServlet function from the AFA portal is only intended to download backup ZIP files from the server to the operator desktop; however, a malicious user capable of intercepting the HTTP request would be able to modify folder and filename parameters in order to get access to any file on the underlying operating system, as demonstrated by a folder=/etc/&filename=passwd query string. Additionally it could cause a DoS, as this functions also implements file deletion after downloading.

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.4/10
4.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
Partial
Affected software
Avaya -> Ip office 

 References:
http://avaya.com
http://one-x.com
https://packetstormsecurity.com/files/149284/Avaya-one-X-9.x-10.0.x-10.1.x-Arbitrary-File-Disclosure-Deletion.html

Copyright 2020, cxsecurity.com

 

Back to Top