Lucene search

AvayaCVELIST:CVE-2023-3722

HistoryJul 19, 2023 - 7:56 p.m.

CVE-2023-3722 Avaya Aura Device Services Remote Code Execution

2023-07-1919:56:52

CWE-434

avaya

www.cve.org

avaya aura

device services

web application

os command injection

remote code execution

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

0.002 Low

EPSS

Percentile

61.1%

JSON

An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and earlier.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Aura Device Services",
    "vendor": "Avaya",
    "versions": [
      {
        "lessThan": "8.1.4.1",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

download.avaya.com/css/public/documents/101076366

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

0.002 Low

EPSS

Percentile

61.1%

JSON

Related for CVELIST:CVE-2023-3722