CVE-2024-7480

An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.

CVSS v3 4.2 MEDIUM

4.2^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.6 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://download.avaya.com/css/public/documents/101091159	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:avaya:aura_system_manager::::::::
	cpe:2.3:a:avaya:aura_system_manager:10.2:::::::*

History

No history.

Information

Published : 2024-08-08 16:15

Updated : 2024-09-11 15:03

NVD link : CVE-2024-7480

Mitre link : CVE-2024-7480

CVE.ORG link : CVE-2024-7480

JSON object : View

Products Affected

avaya

aura_system_manager

CWE

CWE-269

Improper Privilege Management

NVD-CWE-noinfo

{"id": "CVE-2024-7480", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "securityalerts@avaya.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.6}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.8}]}, "published": "2024-08-08T16:15:09.567", "references": [{"url": "https://download.avaya.com/css/public/documents/101091159", "tags": ["Vendor Advisory"], "source": "securityalerts@avaya.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "securityalerts@avaya.com", "description": [{"lang": "en", "value": "CWE-269"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An\u00a0Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system.\u00a0Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad de control de acceso inadecuado en Avaya Aura System Manager que podr\u00eda permitir a un usuario de interfaz de l\u00ednea de comandos (CLI) con privilegios administrativos leer archivos arbitrarios en el sistema. Las versiones afectadas incluyen 10.1.xx y 10.2.xx. Las versiones anteriores a 10.1 finalizan el soporte del fabricante."}], "lastModified": "2024-09-11T15:03:37.293", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:avaya:aura_system_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "263DE525-434E-48C3-A891-8CF42C0AEBC8", "versionEndIncluding": "10.1.2", "versionStartIncluding": "10.1"}, {"criteria": "cpe:2.3:a:avaya:aura_system_manager:10.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D5372F1-A670-44CD-B834-A3126F83F9D9"}], "operator": "OR"}]}], "sourceIdentifier": "securityalerts@avaya.com"}