Roberto Olivero

**Name of the Vulnerable Software and Affected Versions** Avaya Call Management System versions 18.x, 19.x prior to 19.2.0.7, and 20.x prior to 20.0.1.0. **Description** An improper input validation in Avaya Call Management System could allow an unauthorized remote command via a specially crafted web request. **Recommendations** For versions 18.x, consider applying a patch or fix when available. For versions 19.x prior to 19.2.0.7, update to version 19.2.0.7 or later. For versions 20.x prior to 20.0.1.0, update to version 20.0.1.0 or later. As a temporary workaround, consider restricting access to the web request interface to minimize the risk of exploitation.