CVE-2024-4197 – Avaya IP Office One-X Portal File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2024-4197
An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to 11.1.3.1. • https://download.avaya.com/css/public/documents/101090768 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-4196 – Avaya IP Office Web Control RCE Vulnerability
https://notcve.org/view.php?id=CVE-2024-4196
An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to 11.1.3.1. • https://download.avaya.com/css/public/documents/101090768 • CWE-20: Improper Input Validation •
CVE-2021-25657 – Avaya IP Office Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-25657
A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions. Se ha detectado una vulnerabilidad de escalada de privilegios en Avaya IP Office Admin Lite y USB Creator que podría permitir a un usuario local escalar privilegios. Este problema afecta a Admin Lite y USB Creator versión 11.1 Feature Pack 2 Service Pack 1 y versiones anteriores • https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0037/MNDT-2022-0037.md https://support.avaya.com/css/P8/documents/101083319 • CWE-269: Improper Privilege Management •
CVE-2019-7005 – Unauthenticated Information Disclosure Vulnerability in IP Office
https://notcve.org/view.php?id=CVE-2019-7005
A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.2. Se detectó una vulnerabilidad en el componente de la interfaz web de IP Office que puede permitir potencialmente a un usuario remoto no autenticado con acceso a la red conseguir información confidencial. Las versiones afectadas de IP Office incluyen: versiones 9.x, versiones 10.0 hasta 10.1.0.7 y versiones 11.0 hasta 11.0.4.2 • https://downloads.avaya.com/css/P8/documents/101070158 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2020-7030 – IPO Information Disclosure
https://notcve.org/view.php?id=CVE-2020-7030
A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 though 11.0.4.3. Se detectó una vulnerabilidad de divulgación de información confidencial en el componente web interface de IP Office, que puede permitir potencialmente a un usuario local conseguir acceso no autorizado al componente. Las versiones afectadas de IP Office incluyen: 9.x, 10.0 hasta 10.1.0.7 y 11.0 hasta 11.0.4.3 Avaya IP Office versions 9.1.8.0 through 11 suffer from an insecure transit vulnerability that allows for password disclosure. • https://www.exploit-db.com/exploits/48581 http://packetstormsecurity.com/files/157957/Avaya-IP-Office-11-Insecure-Transit-Password-Disclosure.html http://seclists.org/fulldisclosure/2020/Jun/12 https://downloads.avaya.com/css/P8/documents/101067493 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •