Communication Manager Denial of Service
CVE-2018-15617

6.5MEDIUM

Key Information:

Vendor: Avaya
Status: Communication Manager
Vendor: CVE Published:; 1 February 2019

Summary

A vulnerability in the "capro" (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated user to cause denial of service. Affected versions include 6.3.x, all 7.x versions prior to 7.1.3.2, and all 8.x versions prior to 8.0.1.

Affected Version(s)

Communication Manager 6.3.x

Communication Manager 7.1.x <= 7.1.3.2

Communication Manager 8.x <= 8.0.1

References

http://www.securityfocus.com/bid/106826

vdb-entryx_refsource_BID

https://downloads.avaya.com/css/P8/documents/101055396

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 1, 2019
Vulnerability Reserved
Aug 21, 2018