PT-2020-19347 · Avaya · Avaya Ip Office

Hyp3Rlinx

Published

2020-06-03

Updated

2020-06-09

CVE-2020-7030

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Avaya IP Office versions 9.x through 11.0.4.3

Description A sensitive information disclosure vulnerability was discovered in the web interface component of Avaya IP Office, potentially allowing a local user to gain unauthorized access to the component. This issue may lead to password disclosure.

Recommendations For versions 9.x through 11.0.4.3, consider restricting access to the web interface component until a patch is available. As a temporary workaround, disabling the web interface component may help minimize the risk of exploitation.

Exploit

Fix

Information Disclosure

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-522

Related Identifiers

CVE-2020-7030

Affected Products

Avaya Ip Office

PT-2020-19347 · Avaya · Avaya Ip Office

CVE-2020-7030

Weakness Enumeration

Related Identifiers

Affected Products

References · 9