| Vulnerability Name: | CVE-2018-15610 (CCN-149755) | ||||||||||||
| Assigned: | 2018-09-10 | ||||||||||||
| Published: | 2018-09-10 | ||||||||||||
| Updated: | 2019-10-03 | ||||||||||||
| Summary: | A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2. | ||||||||||||
| CVSS v3 Severity: | 8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) 7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
| ||||||||||||
| Vulnerability Type: | CWE-22 | ||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2018-15610 Source: CCN Type: Avaya Security Advisories 101051984 one-X portal security update (CVE-2018-15610) Source: CONFIRM Type: Vendor Advisory https://downloads.avaya.com/css/P8/documents/101051984 Source: XF Type: UNKNOWN avaya-cve201815610-file-download(149755) Source: CCN Type: Packet Storm Security [09-10-2018] Avaya one-X 9.x / 10.0.x / 10.1.x Arbitrary File Disclosure / Deletion Source: MISC Type: UNKNOWN https://packetstormsecurity.com/files/149284/Avaya-one-X-9.x-10.0.x-10.1.x-Arbitrary-File-Disclosure-Deletion.html | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||