Overview
- Description
- A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x version prior to 7.1.3.1.
- Source
- securityalerts@avaya.com
- NVD status
- Modified
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 6.7
- Impact score
- 5.9
- Exploitability score
- 0.8
- Vector string
- CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
- securityalerts@avaya.com
- CWE-284
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:aura_communication_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1F5C84B5-2345-4D8F-9524-85923B4452B3",
"versionEndIncluding": "6.3.17.0",
"versionStartIncluding": "6.3.0.1"
},
{
"criteria": "cpe:2.3:a:avaya:aura_communication_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "579AA33E-74BC-4A14-ACF2-B9E7D4F5BE60",
"versionEndExcluding": "7.1.3.1",
"versionStartIncluding": "7.0"
}
],
"operator": "OR"
}
]
}
]