CVE-2018-15616

Published: Oct 17, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code execution. Affected versions of System Platform includes 6.3.0 through 6.3.9 and 6.4.0 through 6.4.2.

Affected (2)

Products: Avaya: Avaya Aura System Platform

1 product

Avaya Aura System Platform

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Avaya Avaya Aura System Platform	From 6.3.0 to 6.3.9
Avaya Avaya Aura System Platform	From 6.4.0 to 6.4.2

Related CWEs

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (2)

https://downloads.avaya.com/css/P8/documents/101052865

Source: securityalerts@avaya.com

ExploitVendor Advisory

https://downloads.avaya.com/css/P8/documents/101052865

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

Timeline

No history available yet.