Lucene search

AvayaCVELIST:CVE-2020-7034

HistoryApr 23, 2021 - 8:15 p.m.

CVE-2020-7034 Command injection in Avaya Session Border Controller for Enterprise

2021-04-2320:15:15

CWE-78

avaya

www.cve.org

cve-2020-7034

avaya session border controller

command injection

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.001

Percentile

47.3%

JSON

A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x

CNA Affected

[
  {
    "product": "Session Border Controller for Enterprise",
    "vendor": "Avaya",
    "versions": [
      {
        "status": "affected",
        "version": "7.x"
      },
      {
        "lessThanOrEqual": "8.1.1.x",
        "status": "affected",
        "version": "8.0",
        "versionType": "custom"
      }
    ]
  }
]

References

downloads.avaya.com/css/P8/documents/101075451

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.001

Percentile

47.3%

JSON

Related for CVELIST:CVE-2020-7034