CVE-2021-25652
Last modified
CVE-2021-25652 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. EPSS estimates a 0.70% chance of exploitation in the next 30 days.
Description
An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Avaya | Aura Appliance Virtualization Platform | >= 8.0.0.0, <= 8.1.3.1 |
References
- https://support.avaya.com/css/P8/documents/101076479Vendor Advisory
- https://support.avaya.com/css/P8/documents/101076479Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-25652?
How severe is CVE-2021-25652?
How do I fix CVE-2021-25652?
Are you affected by CVE-2021-25652?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST