Jul 19, 2023 - 8:15 p.m.

CVE-2023-3722

2023-07-19 20:15:11
CWE-434
web.nvd.nist.gov
avaya
aura
device services
web application
cve-2023-3722
os command injection
remote code execution
security vulnerability

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.7 High (Confidence: High)

EPSS: 0.002 Low (Percentile: 61.0%)

An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and earlier.

Affected configurations

NVD
Node: avaya aura_device_services, Range: 8.1.4.0

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Aura Device Services",
    "vendor": "Avaya",
    "versions": [
      {
        "lessThan": "8.1.4.1",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]
