9.9
CVE-2025-1041
- EPSS 0.47%
- Veröffentlicht 10.06.2025 06:15:22
- Zuletzt bearbeitet 30.07.2025 17:59:01
- Quelle securityalerts@avaya.com
- CVE-Watchlists
- Unerledigt
Avaya Call Management System RCE vulnerability
An improper input validation discovered in Avaya Call Management System could allow an unauthorized remote command via a specially crafted web request. Affected versions include 18.x, 19.x prior to 19.2.0.7, and 20.x prior to 20.0.1.0.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Avaya ≫ Call Management System Version >= 18.0.0.1 < 19.2.0.7
Avaya ≫ Call Management System Version >= 20.0 < 20.0.1.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.47% | 0.647 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| securityalerts@avaya.com | 9.9 | 3.1 | 6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.