GobyVuls/Avaya_Aura_Device_Services_PhoneBackup_File_Upload_Vulnerability.md

## Avaya Aura Device Services PhoneBackup File Upload Vulnerability

|   **Vulnerability**  | **Avaya Aura Device Services PhoneBackup File Upload Vulnerability**  |
| :----:   | :-----|
| **Chinese name**  | Avaya Aura Device Services r软件 PhoneBackup 任意文件上传漏洞 |
| **CVSS core**  | 9.0 |
| **FOFA Query**  (click to view the results directly)| [((body="vmsTitle\">Avaya Aura&#8482;&nbsp;Utility Server" \|\| body="/webhelp/Base/Utility_toc.htm" \|\| (body="Avaya Aura&reg;&nbsp;Utility Services" && body="Avaya Inc. All Rights Reserved")) && body!="Server: couchdb")](https://en.fofa.info/result?qbase64=KChib2R5PSJ2bXNUaXRsZVwiPkF2YXlhIEF1cmEmIzg0ODI7Jm5ic3A7VXRpbGl0eSBTZXJ2ZXIiIHx8IGJvZHk9Ii93ZWJoZWxwL0Jhc2UvVXRpbGl0eV90b2MuaHRtIiB8fCAoYm9keT0iQXZheWEgQXVyYSZyZWc7Jm5ic3A7VXRpbGl0eSBTZXJ2aWNlcyIgJiYgYm9keT0iQXZheWEgSW5jLiBBbGwgUmlnaHRzIFJlc2VydmVkIikpICYmIGJvZHkhPSJTZXJ2ZXI6IGNvdWNoZGIiKQ%3D%3D) |
| **Number of assets affected**  | 565 |
| **Description**  | Avaya Aura Device Services is an application software of Avaya Corporation in the United States. Provides a function to manage Avaya endpoints. Avaya Aura Device Services versions 7.0 to 8.1.4.0 have security vulnerabilities. Attackers can bypass authentication and upload arbitrary files to obtain server permissions. |
| **Impact** | Avaya Aura Device Services versions 7.0 to 8.1.4.0 have security vulnerabilities. Attackers can bypass authentication and upload arbitrary files to obtain server permissions. |

![](https://s3.bmp.ovh/imgs/2023/06/21/06ca1ac2bfc684e0.gif)
Create Avaya_Aura_Device_Services_PhoneBackup_File_Upload_Vulnerability.md add Avaya Aura Device Services PhoneBackup File Upload Vulnerability 2023-06-21 17:11:14 +08:00			`## Avaya Aura Device Services PhoneBackup File Upload Vulnerability`

			`\| Vulnerability \| Avaya Aura Device Services PhoneBackup File Upload Vulnerability \|`
			`\| :----: \| :-----\|`
			`\| Chinese name \| Avaya Aura Device Services r软件 PhoneBackup 任意文件上传漏洞 \|`
			`\| CVSS core \| 9.0 \|`
			\| FOFA Query (click to view the results directly)\| [((body="vmsTitle\">Avaya Aura™ Utility Server" \\|\\| body="/webhelp/Base/Utility_toc.htm" \\|\\| (body="Avaya Aura® Utility Services" && body="Avaya Inc. All Rights Reserved")) && body!="Server: couchdb")](https://en.fofa.info/result?qbase64=KChib2R5PSJ2bXNUaXRsZVwiPkF2YXlhIEF1cmEmIzg0ODI7Jm5ic3A7VXRpbGl0eSBTZXJ2ZXIiIHx8IGJvZHk9Ii93ZWJoZWxwL0Jhc2UvVXRpbGl0eV90b2MuaHRtIiB8fCAoYm9keT0iQXZheWEgQXVyYSZyZWc7Jm5ic3A7VXRpbGl0eSBTZXJ2aWNlcyIgJiYgYm9keT0iQXZheWEgSW5jLiBBbGwgUmlnaHRzIFJlc2VydmVkIikpICYmIGJvZHkhPSJTZXJ2ZXI6IGNvdWNoZGIiKQ%3D%3D) \|
			`\| Number of assets affected \| 565 \|`
			`\| Description \| Avaya Aura Device Services is an application software of Avaya Corporation in the United States. Provides a function to manage Avaya endpoints. Avaya Aura Device Services versions 7.0 to 8.1.4.0 have security vulnerabilities. Attackers can bypass authentication and upload arbitrary files to obtain server permissions. \|`
			`\| Impact \| Avaya Aura Device Services versions 7.0 to 8.1.4.0 have security vulnerabilities. Attackers can bypass authentication and upload arbitrary files to obtain server permissions. \|`

			`![](https://s3.bmp.ovh/imgs/2023/06/21/06ca1ac2bfc684e0.gif)`