CVE-2024-7480

An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:avaya:aura_system_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_system_manager:10.2:*:*:*:*:*:*:*

History

11 Sep 2024, 15:03

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad de control de acceso inadecuado en Avaya Aura System Manager que podría permitir a un usuario de interfaz de línea de comandos (CLI) con privilegios administrativos leer archivos arbitrarios en el sistema. Las versiones afectadas incluyen 10.1.xx y 10.2.xx. Las versiones anteriores a 10.1 finalizan el soporte del fabricante.
CVSS v2 : unknown
v3 : 4.2
v2 : unknown
v3 : 4.4
First Time Avaya aura System Manager
Avaya
References () https://download.avaya.com/css/public/documents/101091159 - () https://download.avaya.com/css/public/documents/101091159 - Vendor Advisory
CWE NVD-CWE-noinfo
CPE cpe:2.3:a:avaya:aura_system_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_system_manager:10.2:*:*:*:*:*:*:*

08 Aug 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-08 16:15

Updated : 2024-09-11 15:03


NVD link : CVE-2024-7480

Mitre link : CVE-2024-7480

CVE.ORG link : CVE-2024-7480


JSON object : View

Products Affected

avaya

  • aura_system_manager
CWE
NVD-CWE-noinfo CWE-269

Improper Privilege Management