← Back

CVE-2024-7480

nvd nist
Published: Aug 8, 2024Modified: Oct 1, 2025

JSON object

Loading...
4.4
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 0.8 / Impact: 3.6
Source: NVD

Description

An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.

Affected (2)

Avaya
1 product
Aura System Manager
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Avaya
Aura System Manager
From 10.1 to 10.1.2
Aura System Manager
Version 10.2

Related CWEs

CWE-266
Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

References (1)

Source: securityalerts@avaya.com
Vendor Advisory

Timeline

No history available yet.