4.4
CVE-2024-7480
- EPSS 0.06%
- Veröffentlicht 08.08.2024 16:15:09
- Zuletzt bearbeitet 01.10.2025 02:15:33
- Quelle securityalerts@avaya.com
- Teams Watchlist Login
- Unerledigt Login
An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Avaya ≫ Aura System Manager Version >= 10.1 <= 10.1.2
Avaya ≫ Aura System Manager Version10.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.202 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.4 | 0.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
|
| securityalerts@avaya.com | 4.2 | 0.6 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
|
CWE-266 Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.