Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-6635

System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authentication, which allows remote attackers to bypass intended Remote Method Invocation (RMI) restrictions, aka SMGR-26896.

Published

2018-02-05T18:29:01.013

Last Modified

2024-11-21T04:11:02.503

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

6.8

Impact Score

6.4

Weaknesses

Type: Primary
CWE-326

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	avaya	aura	≤ 7.1.1	Yes

References

http://www.securityfocus.com/bid/102940 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1040329 Third Party Advisory, VDB Entry ([email protected])
https://downloads.avaya.com/css/P8/documents/101038598 Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/102940 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1040329 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://downloads.avaya.com/css/P8/documents/101038598 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)