CVE-2024-7480

CWE-266CWE-269Improper Privilege Management3 documents3 sources
Severity
4.4MEDIUM
EPSS
0.1%
top 78.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Avaya Aura System Manager
Timeline
PublishedAug 8

Description

An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:NExploitability: 0.6 | Impact: 3.6

Affected Packages2 packages

NVDavaya/aura_system_manager10.110.1.2+1
CVEListV5avaya/aura_system_manager10.1.x.x, 10.2.x.x+1

🔴Vulnerability Details

2
CVEList
Improper access control in Avaya Aura System Manager2024-08-08
GHSA
GHSA-2hrx-xx6v-c3v2: An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrat2024-08-08
CVE-2024-7480 (MEDIUM CVSS 4.4) | An Improper access control vulnerab | cvebase.io