CVE-2022-2975
Last modified
CVE-2022-2975 is a medium-severity vulnerability rated 6.7/10 on the CVSS scale. A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. EPSS estimates a 0.20% chance of exploitation in the next 30 days.
Description
A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated.
Metrics
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Avaya | Aura Application Enablement Services | >= 8.0.0.0, < 8.1.3.5 |
| Avaya | Aura Application Enablement Services | >= 10.1.0.0, < 10.1.0.2 |
References
- https://download.avaya.com/css/public/documents/101083688Vendor Advisory
- https://download.avaya.com/css/public/documents/101083688Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-2975?
How severe is CVE-2022-2975?
How do I fix CVE-2022-2975?
Are you affected by CVE-2022-2975?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST