CVE-2022-2249

Published: Oct 12, 2022Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges. This issue affects Communication Manager versions 8.0.0.0 through 8.1.3.3 and 10.1.0.0.

Affected (2)

Products: Avaya: Aura Communication Manager

1 product

Aura Communication Manager

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Avaya Aura Communication Manager	From 8.0 to 8.1.3.4
Avaya Aura Communication Manager	Version 10.1.0.0

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://download.avaya.com/css/public/documents/101083760

Source: securityalerts@avaya.com

Release NotesVendor Advisory

https://download.avaya.com/css/public/documents/101083760

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.