CVE-2024-4196

Name of the Vulnerable Software and Affected Versions Avaya IP Office versions prior to 11.1.3.1

Description An improper input validation issue was discovered in Avaya IP Office, allowing remote command or code execution via a specially crafted web request to the Web Control component.

Recommendations For versions prior to 11.1.3.1, update to version 11.1.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Web Control component to minimize the risk of exploitation.