Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-7480

An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.

Published

2024-08-08T16:15:09.567

Last Modified

2024-09-11T15:03:37.293

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.2 (MEDIUM)

Weaknesses

Type: Secondary
CWE-269
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	avaya	aura_system_manager	≤ 10.1.2	Yes
Application	avaya	aura_system_manager	10.2	Yes

References

https://download.avaya.com/css/public/documents/101091159 Vendor Advisory ([email protected])