// For flags

CVE-2018-15610

Improper access controls in IP Office one-X Portal

Severity Score

8.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2.

Una vulnerabilidad en el componente one-X Portal de Avaya IP Office permite que un atacante autenticado lea y elimine archivos arbitrarios en el sistema. Las versiones afectadas de Avaya IP Office incluyen desde la 9.1 hasta la 9.1 SP12, desde la 10.0 hasta la 10.0 SP7 y desde la 10.1 hasta la 10.1 SP2.

Avaya one-X versions 9.x, 10.0.x, and 10.1.x suffer from arbitrary file disclosure and deletion vulnerabilities.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-08-21 CVE Reserved
  • 2018-09-10 CVE Published
  • 2024-08-05 CVE Updated
  • 2024-08-22 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • CWE-284: Improper Access Control
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Avaya
Search vendor "Avaya"
Ip Office
Search vendor "Avaya" for product "Ip Office"
9.1
Search vendor "Avaya" for product "Ip Office" and version "9.1"
-
Affected
Avaya
Search vendor "Avaya"
Ip Office
Search vendor "Avaya" for product "Ip Office"
9.1
Search vendor "Avaya" for product "Ip Office" and version "9.1"
sp1
Affected
Avaya
Search vendor "Avaya"
Ip Office
Search vendor "Avaya" for product "Ip Office"
9.1
Search vendor "Avaya" for product "Ip Office" and version "9.1"
sp10
Affected
Avaya
Search vendor "Avaya"
Ip Office
Search vendor "Avaya" for product "Ip Office"
9.1
Search vendor "Avaya" for product "Ip Office" and version "9.1"
sp11
Affected
Avaya
Search vendor "Avaya"
Ip Office
Search vendor "Avaya" for product "Ip Office"
9.1
Search vendor "Avaya" for product "Ip Office" and version "9.1"
sp12
Affected
Avaya
Search vendor "Avaya"
Ip Office
Search vendor "Avaya" for product "Ip Office"
9.1
Search vendor "Avaya" for product "Ip Office" and version "9.1"
sp2
Affected
Avaya
Search vendor "Avaya"
Ip Office
Search vendor "Avaya" for product "Ip Office"
9.1
Search vendor "Avaya" for product "Ip Office" and version "9.1"
sp3
Affected
Avaya
Search vendor "Avaya"
Ip Office
Search vendor "Avaya" for product "Ip Office"
9.1
Search vendor "Avaya" for product "Ip Office" and version "9.1"
sp4
Affected
Avaya
Search vendor "Avaya"
Ip Office
Search vendor "Avaya" for product "Ip Office"
9.1
Search vendor "Avaya" for product "Ip Office" and version "9.1"
sp5
Affected
Avaya
Search vendor "Avaya"
Ip Office
Search vendor "Avaya" for product "Ip Office"
9.1
Search vendor "Avaya" for product "Ip Office" and version "9.1"
sp6
Affected
Avaya
Search vendor "Avaya"
Ip Office
Search vendor "Avaya" for product "Ip Office"
9.1
Search vendor "Avaya" for product "Ip Office" and version "9.1"
sp7
Affected
Avaya
Search vendor "Avaya"
Ip Office
Search vendor "Avaya" for product "Ip Office"
9.1
Search vendor "Avaya" for product "Ip Office" and version "9.1"
sp8
Affected
Avaya
Search vendor "Avaya"
Ip Office
Search vendor "Avaya" for product "Ip Office"
9.1
Search vendor "Avaya" for product "Ip Office" and version "9.1"
sp9
Affected
Avaya
Search vendor "Avaya"
Ip Office
Search vendor "Avaya" for product "Ip Office"
10.0
Search vendor "Avaya" for product "Ip Office" and version "10.0"
-
Affected
Avaya
Search vendor "Avaya"
Ip Office
Search vendor "Avaya" for product "Ip Office"
10.0
Search vendor "Avaya" for product "Ip Office" and version "10.0"
sp1
Affected
Avaya
Search vendor "Avaya"
Ip Office
Search vendor "Avaya" for product "Ip Office"
10.0
Search vendor "Avaya" for product "Ip Office" and version "10.0"
sp2
Affected
Avaya
Search vendor "Avaya"
Ip Office
Search vendor "Avaya" for product "Ip Office"
10.0
Search vendor "Avaya" for product "Ip Office" and version "10.0"
sp3
Affected
Avaya
Search vendor "Avaya"
Ip Office
Search vendor "Avaya" for product "Ip Office"
10.0
Search vendor "Avaya" for product "Ip Office" and version "10.0"
sp4
Affected
Avaya
Search vendor "Avaya"
Ip Office
Search vendor "Avaya" for product "Ip Office"
10.0
Search vendor "Avaya" for product "Ip Office" and version "10.0"
sp5
Affected
Avaya
Search vendor "Avaya"
Ip Office
Search vendor "Avaya" for product "Ip Office"
10.0
Search vendor "Avaya" for product "Ip Office" and version "10.0"
sp6
Affected
Avaya
Search vendor "Avaya"
Ip Office
Search vendor "Avaya" for product "Ip Office"
10.0
Search vendor "Avaya" for product "Ip Office" and version "10.0"
sp7
Affected
Avaya
Search vendor "Avaya"
Ip Office
Search vendor "Avaya" for product "Ip Office"
10.1
Search vendor "Avaya" for product "Ip Office" and version "10.1"
-
Affected
Avaya
Search vendor "Avaya"
Ip Office
Search vendor "Avaya" for product "Ip Office"
10.1
Search vendor "Avaya" for product "Ip Office" and version "10.1"
sp1
Affected
Avaya
Search vendor "Avaya"
Ip Office
Search vendor "Avaya" for product "Ip Office"
10.1
Search vendor "Avaya" for product "Ip Office" and version "10.1"
sp2
Affected