cbcvebase.
CVE-2023-3527
published 2023-07-18

Priority: P4 33
Severity: medium, 6.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.54% (41.3th percentile)

A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software such as Microsoft Excel.

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
|--------|---------|---------------|----------|
| avaya | avaya_call_management_system | | |
| avaya | call_management_system | < 20.0.0.0 | 20.0.0.0 |