CVE-2023-3722

EPSS 46.27%
Published 19.07.2023 20:15:11
Last modified 21.11.2024 08:17:55
Source securityalerts@avaya.com
Teams watchlist Login
Open Login

An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and earlier.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Avaya ≫ Aura Device Services Version <= 8.1.4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	46.27%	0.976

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
securityalerts@avaya.com	8.6	3.9	4.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://download.avaya.com/css/public/documents/101076366

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2023-3722

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-3722

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-3722

EUVD