Avaya Product System Management Interface Cross-Site Request Forgery Vulnerability

CVE-2020-7029

6.4MEDIUM

Key Information

Vendor
Avaya
Status
Avaya Aura Communication Manager
Avaya Aura Messaging
Vendor
CVE Published:
11 August 2020

Summary

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote attacker to perform Web administration actions with the privileged level of the authenticated user. Affected versions of Communication Manager are 7.0.x, 7.1.x prior to 7.1.3.5 and 8.0.x. Affected versions of Messaging are 7.0.x, 7.1 and 7.1 SP1.

Affected Version(s)

Avaya Aura Communication Manager = 8.0.x

Avaya Aura Communication Manager <= 7.1.3.4

Avaya Aura Messaging <= 7.1 SP1

References

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.