PT-2022-19817 · Avaya · Avaya Aura Application Enablement Services
Alexander Levesque · Published 2022-10-06 · Updated 2022-12-02 · CVE-2022-2975
CVSS v3.1: 7.7 (High)
Vector: AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Avaya Aura Application Enablement Services versions 8.0.0.0 through 8.1.3.4
Avaya Aura Application Enablement Services versions 10.1.0.0 through 10.1.0.1
Description
A vulnerability related to weak permissions was detected in the Avaya Aura Application Enablement Services web application. This issue allows an administrative user to modify accounts, leading to the execution of arbitrary code as the root user.
Recommendations
For versions 8.0.0.0 through 8.1.3.4, update to a version outside of this range to mitigate the risk.
For versions 10.1.0.0 through 10.1.0.1, update to a version outside of this range to mitigate the risk.
As a temporary workaround, consider restricting administrative access to the web application until a patch is available.
Fix
Improper Privilege Management
Incorrect Permission
Related Identifiers
Affected Products
Avaya Aura Application Enablement Services