Avaya Product System Management Interface Cross-Site Request Forgery Vulnerability
CVE-2020-7029
6.4MEDIUM
Key Information
- Vendor
- Avaya
- Status
- Avaya Aura Communication Manager
- Avaya Aura Messaging
- Vendor
- CVE Published:
- 11 August 2020
Summary
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote attacker to perform Web administration actions with the privileged level of the authenticated user. Affected versions of Communication Manager are 7.0.x, 7.1.x prior to 7.1.3.5 and 8.0.x. Affected versions of Messaging are 7.0.x, 7.1 and 7.1 SP1.
Affected Version(s)
Avaya Aura Communication Manager = 8.0.x
Avaya Aura Communication Manager <= 7.1.3.4
Avaya Aura Messaging <= 7.1 SP1
References
CVSS V3.1
Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database