Avaya Call Management System CSV injection vulnerability
CVE-2023-3527

6.8MEDIUM

Key Information:

Vendor: Avaya
Status: Avaya Call Management System
Vendor: CVE Published:; 18 July 2023

Summary

A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software

such as Microsoft Excel.

Affected Version(s)

Avaya Call Management System 19.x.x.x

References

https://download.avaya.com/css/public/documents/101086364

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 18, 2023
Vulnerability Reserved
Jul 6, 2023