CVE-2024-4196

Published: Jun 25, 2024Modified: Oct 1, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to 11.1.3.1.

Affected (1)

Products: Avaya: Ip Office

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Avaya Ip Office	Before 11.1.3.1

Related CWEs

Exposed IOCTL with Insufficient Access Control

The product implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL.

References (2)

https://download.avaya.com/css/public/documents/101090768

Source: securityalerts@avaya.com

Vendor Advisory

https://download.avaya.com/css/public/documents/101090768

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.