CVE-2018-15611

CWE-284 — Improper Access Control3 documents3 sources

Severity

6.7MEDIUM

EPSS

0.0%

top 90.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Avaya Communication Manager Avaya Aura Communication Manager

Timeline

PublishedSep 27

Latest updateMay 13

Description

A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x version prior to 7.1.3.1.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:HExploitability: 0.3 | Impact: 5.9

Affected Packages2 packages

▶NVDavaya/aura_communication_manager7.0 — 7.1.3.1+1

▶CVEListV5avaya/communication_manager7.1.3.1 — 7.x*+1

🔴Vulnerability Details

GHSA

GHSA-pj9j-p4rf-x438: A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the lo↗2022-05-13

▶

CVEList

Communication Manager Local Administrator PrivEsc↗2018-09-27

▶