CVE-2024-7480

An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.

CVSS v3 4.2 MEDIUM

4.2^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.6 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://download.avaya.com/css/public/documents/101091159	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:avaya:aura_system_manager::::::::
	cpe:2.3:a:avaya:aura_system_manager:10.2:::::::*

History

01 Oct 2025, 02:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~4.4~~	v2 : unknown v3 : 4.2
CWE	~~CWE-269~~	CWE-266

11 Sep 2024, 15:03

Type	Values Removed	Values Added
Summary		(es) Se encontró una vulnerabilidad de control de acceso inadecuado en Avaya Aura System Manager que podría permitir a un usuario de interfaz de línea de comandos (CLI) con privilegios administrativos leer archivos arbitrarios en el sistema. Las versiones afectadas incluyen 10.1.xx y 10.2.xx. Las versiones anteriores a 10.1 finalizan el soporte del fabricante.
CVSS	v2 : ~~unknown~~ v3 : ~~4.2~~	v2 : unknown v3 : 4.4
First Time		Avaya aura System Manager Avaya
CPE		cpe:2.3:a:avaya:aura_system_manager:::::::: cpe:2.3:a:avaya:aura_system_manager:10.2:::::::*
References	~~() https://download.avaya.com/css/public/documents/101091159 -~~	() https://download.avaya.com/css/public/documents/101091159 - Vendor Advisory
CWE		NVD-CWE-noinfo

08 Aug 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-08 16:15

Updated : 2025-10-01 02:15

NVD link : CVE-2024-7480

Mitre link : CVE-2024-7480

CVE.ORG link : CVE-2024-7480

JSON object : View

Products Affected

avaya

aura_system_manager

CWE

CWE-266

Incorrect Privilege Assignment

NVD-CWE-noinfo

{"id": "CVE-2024-7480", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "securityalerts@avaya.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.6}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.8}]}, "published": "2024-08-08T16:15:09.567", "references": [{"url": "https://download.avaya.com/css/public/documents/101091159", "tags": ["Vendor Advisory"], "source": "securityalerts@avaya.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "securityalerts@avaya.com", "description": [{"lang": "en", "value": "CWE-266"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An\u00a0Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system.\u00a0Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad de control de acceso inadecuado en Avaya Aura System Manager que podr\u00eda permitir a un usuario de interfaz de l\u00ednea de comandos (CLI) con privilegios administrativos leer archivos arbitrarios en el sistema. Las versiones afectadas incluyen 10.1.xx y 10.2.xx. Las versiones anteriores a 10.1 finalizan el soporte del fabricante."}], "lastModified": "2025-10-01T02:15:33.437", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:avaya:aura_system_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "263DE525-434E-48C3-A891-8CF42C0AEBC8", "versionEndIncluding": "10.1.2", "versionStartIncluding": "10.1"}, {"criteria": "cpe:2.3:a:avaya:aura_system_manager:10.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D5372F1-A670-44CD-B834-A3126F83F9D9"}], "operator": "OR"}]}], "sourceIdentifier": "securityalerts@avaya.com"}