CVE-2022-2249

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

6.7MEDIUM

EPSS

0.1%

top 81.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Avaya Aura Communication Manager Avaya Avaya Aura Communication Manager

Timeline

PublishedOct 12

Latest updateOct 13

Description

Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges. This issue affects Communication Manager versions 8.0.0.0 through 8.1.3.3 and 10.1.0.0.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:HExploitability: 1.1 | Impact: 6.0

Affected Packages2 packages

▶NVDavaya/aura_communication_manager8.0 — 8.1.3.4+1

▶CVEListV5avaya/avaya_aura_communication_manager8.x — 8.1.3.3+1

🔴Vulnerability Details

GHSA

GHSA-ggr7-6fj3-6vpv: Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate↗2022-10-13

▶

CVEList

Avaya Aura Communication Manager Privilege Escalation Vulnerabilities↗2022-10-12

▶