Communication Manager Local Administrator PrivEsc
CVE-2018-15611

6.3MEDIUM

Key Information:

Vendor

Avaya
Status
Communication Manager
Vendor
CVE Published:
27 September 2018

What is CVE-2018-15611?

A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x version prior to 7.1.3.1.

Affected Version(s)

Communication Manager 7.1.3.1 < 7.x*

Communication Manager 6.3.x < 6.3.x*

References

https://downloads.avaya.com/css/P8/documents/101052550
x_refsource_CONFIRM

CVSS V3.1

Score:
6.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.