CVE-2018-15610

EPSS 0.62%
Veröffentlicht 12.09.2018 21:29:00
Zuletzt bearbeitet 21.11.2024 03:51:10
Quelle securityalerts@avaya.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Avaya ≫ Ip Office Version9.1

Avaya ≫ Ip Office Version9.1 Updatesp1

Avaya ≫ Ip Office Version9.1 Updatesp10

Avaya ≫ Ip Office Version9.1 Updatesp11

Avaya ≫ Ip Office Version9.1 Updatesp12

Avaya ≫ Ip Office Version9.1 Updatesp2

Avaya ≫ Ip Office Version9.1 Updatesp3

Avaya ≫ Ip Office Version9.1 Updatesp4

Avaya ≫ Ip Office Version9.1 Updatesp5

Avaya ≫ Ip Office Version9.1 Updatesp6

Avaya ≫ Ip Office Version9.1 Updatesp7

Avaya ≫ Ip Office Version9.1 Updatesp8

Avaya ≫ Ip Office Version9.1 Updatesp9

Avaya ≫ Ip Office Version10.0

Avaya ≫ Ip Office Version10.0 Updatesp1

Avaya ≫ Ip Office Version10.0 Updatesp2

Avaya ≫ Ip Office Version10.0 Updatesp3

Avaya ≫ Ip Office Version10.0 Updatesp4

Avaya ≫ Ip Office Version10.0 Updatesp5

Avaya ≫ Ip Office Version10.0 Updatesp6

Avaya ≫ Ip Office Version10.0 Updatesp7

Avaya ≫ Ip Office Version10.1

Avaya ≫ Ip Office Version10.1 Updatesp1

Avaya ≫ Ip Office Version10.1 Updatesp2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.62%	0.674

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	9	8	10	AV:N/AC:L/Au:S/C:C/I:C/A:C
securityalerts@avaya.com	7.3	2.1	5.2	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://downloads.avaya.com/css/P8/documents/101051984

Vendor Advisory

https://packetstormsecurity.com/files/149284/Avaya-one-X-9.x-10.0.x-10.1.x-Arbitrary-File-Disclosure-Deletion.html

https://nvd.nist.gov/vuln/detail/CVE-2018-15610

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-15610

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-15610

EUVD