CVE-2021-25649
Last modified
CVE-2021-25649 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. EPSS estimates a 0.62% chance of exploitation in the next 30 days.
Description
An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects all 7.x versions of Avaya Aura Utility Services
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Avaya | Aura Utility Services | >= 7.0, <= 7.1.3 |
References
- https://support.avaya.com/css/P8/documents/101072728Vendor Advisory
- https://support.avaya.com/css/P8/documents/101072728Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-25649?
How severe is CVE-2021-25649?
How do I fix CVE-2021-25649?
Are you affected by CVE-2021-25649?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST