CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4197 – Avaya IP Office One-X Portal File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2024-4197
25 Jun 2024 — An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to 11.1.3.1. An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to 11.1.3.1. • https://download.avaya.com/css/public/documents/101090768 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4196 – Avaya IP Office Web Control RCE Vulnerability
https://notcve.org/view.php?id=CVE-2024-4196
25 Jun 2024 — An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to 11.1.3.1. • https://download.avaya.com/css/public/documents/101090768 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2021-25657 – Avaya IP Office Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-25657
02 Sep 2022 — A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions. Se ha detectado una vulnerabilidad de escalada de privilegios en Avaya IP Office Admin Lite y USB Creator que podría permitir a un usuario local escalar privilegios. Este problema afecta a Admin Lite y USB Creator versión 11.1 Feature Pack 2 Servi... • https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0037/MNDT-2022-0037.md • CWE-269: Improper Privilege Management •