CVE-2018-15610
Improper access controls in IP Office one-X Portal
Severity Score
8.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2.
Una vulnerabilidad en el componente one-X Portal de Avaya IP Office permite que un atacante autenticado lea y elimine archivos arbitrarios en el sistema. Las versiones afectadas de Avaya IP Office incluyen desde la 9.1 hasta la 9.1 SP12, desde la 10.0 hasta la 10.0 SP7 y desde la 10.1 hasta la 10.1 SP2.
Avaya one-X versions 9.x, 10.0.x, and 10.1.x suffer from arbitrary file disclosure and deletion vulnerabilities.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-08-21 CVE Reserved
- 2018-09-10 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-22 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CWE-284: Improper Access Control
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://packetstormsecurity.com/files/149284/Avaya-one-X-9.x-10.0.x-10.1.x-Arbitrary-File-Disclosure-Deletion.html | X_refsource_misc |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://downloads.avaya.com/css/P8/documents/101051984 | 2019-10-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Avaya Search vendor "Avaya" | Ip Office Search vendor "Avaya" for product "Ip Office" | 9.1 Search vendor "Avaya" for product "Ip Office" and version "9.1" | - |
Affected
| ||||||
Avaya Search vendor "Avaya" | Ip Office Search vendor "Avaya" for product "Ip Office" | 9.1 Search vendor "Avaya" for product "Ip Office" and version "9.1" | sp1 |
Affected
| ||||||
Avaya Search vendor "Avaya" | Ip Office Search vendor "Avaya" for product "Ip Office" | 9.1 Search vendor "Avaya" for product "Ip Office" and version "9.1" | sp10 |
Affected
| ||||||
Avaya Search vendor "Avaya" | Ip Office Search vendor "Avaya" for product "Ip Office" | 9.1 Search vendor "Avaya" for product "Ip Office" and version "9.1" | sp11 |
Affected
| ||||||
Avaya Search vendor "Avaya" | Ip Office Search vendor "Avaya" for product "Ip Office" | 9.1 Search vendor "Avaya" for product "Ip Office" and version "9.1" | sp12 |
Affected
| ||||||
Avaya Search vendor "Avaya" | Ip Office Search vendor "Avaya" for product "Ip Office" | 9.1 Search vendor "Avaya" for product "Ip Office" and version "9.1" | sp2 |
Affected
| ||||||
Avaya Search vendor "Avaya" | Ip Office Search vendor "Avaya" for product "Ip Office" | 9.1 Search vendor "Avaya" for product "Ip Office" and version "9.1" | sp3 |
Affected
| ||||||
Avaya Search vendor "Avaya" | Ip Office Search vendor "Avaya" for product "Ip Office" | 9.1 Search vendor "Avaya" for product "Ip Office" and version "9.1" | sp4 |
Affected
| ||||||
Avaya Search vendor "Avaya" | Ip Office Search vendor "Avaya" for product "Ip Office" | 9.1 Search vendor "Avaya" for product "Ip Office" and version "9.1" | sp5 |
Affected
| ||||||
Avaya Search vendor "Avaya" | Ip Office Search vendor "Avaya" for product "Ip Office" | 9.1 Search vendor "Avaya" for product "Ip Office" and version "9.1" | sp6 |
Affected
| ||||||
Avaya Search vendor "Avaya" | Ip Office Search vendor "Avaya" for product "Ip Office" | 9.1 Search vendor "Avaya" for product "Ip Office" and version "9.1" | sp7 |
Affected
| ||||||
Avaya Search vendor "Avaya" | Ip Office Search vendor "Avaya" for product "Ip Office" | 9.1 Search vendor "Avaya" for product "Ip Office" and version "9.1" | sp8 |
Affected
| ||||||
Avaya Search vendor "Avaya" | Ip Office Search vendor "Avaya" for product "Ip Office" | 9.1 Search vendor "Avaya" for product "Ip Office" and version "9.1" | sp9 |
Affected
| ||||||
Avaya Search vendor "Avaya" | Ip Office Search vendor "Avaya" for product "Ip Office" | 10.0 Search vendor "Avaya" for product "Ip Office" and version "10.0" | - |
Affected
| ||||||
Avaya Search vendor "Avaya" | Ip Office Search vendor "Avaya" for product "Ip Office" | 10.0 Search vendor "Avaya" for product "Ip Office" and version "10.0" | sp1 |
Affected
| ||||||
Avaya Search vendor "Avaya" | Ip Office Search vendor "Avaya" for product "Ip Office" | 10.0 Search vendor "Avaya" for product "Ip Office" and version "10.0" | sp2 |
Affected
| ||||||
Avaya Search vendor "Avaya" | Ip Office Search vendor "Avaya" for product "Ip Office" | 10.0 Search vendor "Avaya" for product "Ip Office" and version "10.0" | sp3 |
Affected
| ||||||
Avaya Search vendor "Avaya" | Ip Office Search vendor "Avaya" for product "Ip Office" | 10.0 Search vendor "Avaya" for product "Ip Office" and version "10.0" | sp4 |
Affected
| ||||||
Avaya Search vendor "Avaya" | Ip Office Search vendor "Avaya" for product "Ip Office" | 10.0 Search vendor "Avaya" for product "Ip Office" and version "10.0" | sp5 |
Affected
| ||||||
Avaya Search vendor "Avaya" | Ip Office Search vendor "Avaya" for product "Ip Office" | 10.0 Search vendor "Avaya" for product "Ip Office" and version "10.0" | sp6 |
Affected
| ||||||
Avaya Search vendor "Avaya" | Ip Office Search vendor "Avaya" for product "Ip Office" | 10.0 Search vendor "Avaya" for product "Ip Office" and version "10.0" | sp7 |
Affected
| ||||||
Avaya Search vendor "Avaya" | Ip Office Search vendor "Avaya" for product "Ip Office" | 10.1 Search vendor "Avaya" for product "Ip Office" and version "10.1" | - |
Affected
| ||||||
Avaya Search vendor "Avaya" | Ip Office Search vendor "Avaya" for product "Ip Office" | 10.1 Search vendor "Avaya" for product "Ip Office" and version "10.1" | sp1 |
Affected
| ||||||
Avaya Search vendor "Avaya" | Ip Office Search vendor "Avaya" for product "Ip Office" | 10.1 Search vendor "Avaya" for product "Ip Office" and version "10.1" | sp2 |
Affected
|