CVE-2018-15610
published 2018-09-12CVE-2018-15610: A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected…
PriorityP352high8.8CVSS 3.0
AVNACLPRLUINSUCHIHAH
EPSS
1.85%
76.4th percentile
A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| avaya | ip_office | — | — |
| avaya | ip_office | — | — |
| avaya | ip_office | — | — |
| avaya | ip_office | — | — |
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://downloads.avaya.com/css/P8/documents/101051984https://packetstormsecurity.com/files/149284/Avaya-one-X-9.x-10.0.x-10.1.x-Arbitrary-File-Disclosure-Deletion.htmlhttps://downloads.avaya.com/css/P8/documents/101051984https://packetstormsecurity.com/files/149284/Avaya-one-X-9.x-10.0.x-10.1.x-Arbitrary-File-Disclosure-Deletion.html
2018-09-12
Published