CMS Supervisor Information Disclosure
CVE-2018-15615

7.2HIGH

Key Information:

Vendor: Avaya
Status: Call Management System Supervisor
Vendor: CVE Published:; 24 September 2018

Summary

A vulnerability in the Supervisor component of Avaya Call Management System allows local administrative user to extract sensitive information from users connecting to a remote CMS host. Affected versions of CMS Supervisor include R17.0.x and R18.0.x.

Affected Version(s)

Call Management System Supervisor Affected verisons include R17.0.x and R18.0.x

References

https://downloads.avaya.com/css/P8/documents/101052300

x_refsource_CONFIRM

http://www.securityfocus.com/bid/105392

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 24, 2018
Vulnerability Reserved
Aug 21, 2018