CVE-2023-3722 – Avaya Aura Device Services Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-3722
An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and earlier. • https://download.avaya.com/css/public/documents/101076366 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2021-25654 – Avaya Aura Device Services Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-25654
An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. Affects 7.0 through 8.1.4.0 versions of Avaya Aura Device Services. Se ha detectado una vulnerabilidad de ejecución de código arbitraria en Avaya Aura Device Services, que puede permitir a un usuario local ejecutar scripts especialmente diseñados. Afecta a versiones 7.0 hasta 8.1.4.0 de Avaya Aura Device Services • https://support.avaya.com/css/P8/documents/101076523 • CWE-378: Creation of Temporary File With Insecure Permissions •