CVE-2019-7007

CWE-22 — Path Traversal3 documents3 sources

Severity

8.6HIGH

EPSS

1.4%

top 19.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Avaya Equinox Conferencing Management (iview)Avaya Aura Conferencing

Timeline

PublishedFeb 28

Latest updateMay 24

Description

A directory traversal vulnerability has been found in the Avaya Equinox Management(iView)versions R9.1.9.0 and earlier. Successful exploitation could potentially allow an unauthenticated attacker to access files that are outside the restricted directory on the remote server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5avaya/equinox_conferencing_management_(iview)9.1 — 9.1.9.0

▶NVDavaya/aura_conferencing9.0 — 9.1.9.0

Patches

Patch: downloads.avaya.com ↗Patch: downloads.avaya.com ↗

🔴Vulnerability Details

GHSA

GHSA-7ghg-ph3f-6pjf: A directory traversal vulnerability has been found in the Avaya Equinox Management(iView)versions R9↗2022-05-24

▶

CVEList

Avaya Equinox Conferencing Management (iView) Directory Traversal Vulnerability↗2020-02-28

▶