Access Control Flaw in Avaya Scopia Pathfinder Affects User Authentication
CVE-2022-38168

9.1CRITICAL

Key Information:

Vendor: Avaya
Status: Scopia Pathfinder 10 Pts Firmware
Vendor: CVE Published:; 3 November 2022

Summary

An access control vulnerability in Avaya Scopia Pathfinder allows remote unauthenticated attackers to bypass the login page. By modifying URLs, attackers can gain unauthorized access to sensitive user information and perform actions such as resetting user passwords. This vulnerability can pose significant risks to the integrity and confidentiality of user accounts.

References

https://medium.com/%40rob_nes/avaya-scopia-pathfinder-bro...

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 3, 2022
Vulnerability Reserved
Aug 11, 2022