CMS Supervisor Information Disclosure

CVE-2018-15615

7.2HIGH

Key Information

Vendor: Avaya
Status: Call Management System Supervisor
Vendor: CVE Published:; 24 September 2018

Summary

A vulnerability in the Supervisor component of Avaya Call Management System allows local administrative user to extract sensitive information from users connecting to a remote CMS host. Affected versions of CMS Supervisor include R17.0.x and R18.0.x.

Affected Version(s)

Call Management System Supervisor = Affected verisons include R17.0.x and R18.0.x

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Risk change from: 4.4 to: 7.2 - (HIGH)
Feb 22, 2024
Vulnerability published.
Sep 24, 2018
Vulnerability Reserved.
Aug 21, 2018

Collectors

NVD DatabaseMitre Database