From b6751e531ff0def85b02f655b674210faa5df5b1 Mon Sep 17 00:00:00 2001 From: Goby <50955360+gobysec@users.noreply.github.com> Date: Wed, 21 Jun 2023 17:11:14 +0800 Subject: [PATCH] Create Avaya_Aura_Device_Services_PhoneBackup_File_Upload_Vulnerability.md add Avaya Aura Device Services PhoneBackup File Upload Vulnerability --- ...Services_PhoneBackup_File_Upload_Vulnerability.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 Avaya_Aura_Device_Services_PhoneBackup_File_Upload_Vulnerability.md diff --git a/Avaya_Aura_Device_Services_PhoneBackup_File_Upload_Vulnerability.md b/Avaya_Aura_Device_Services_PhoneBackup_File_Upload_Vulnerability.md new file mode 100644 index 0000000..996c518 --- /dev/null +++ b/Avaya_Aura_Device_Services_PhoneBackup_File_Upload_Vulnerability.md @@ -0,0 +1,12 @@ +## Avaya Aura Device Services PhoneBackup File Upload Vulnerability + +| **Vulnerability** | **Avaya Aura Device Services PhoneBackup File Upload Vulnerability** | +| :----: | :-----| +| **Chinese name** | Avaya Aura Device Services r软件 PhoneBackup 任意文件上传漏洞 | +| **CVSS core** | 9.0 | +| **FOFA Query** (click to view the results directly)| [((body="vmsTitle\">Avaya Aura™ Utility Server" \|\| body="/webhelp/Base/Utility_toc.htm" \|\| (body="Avaya Aura® Utility Services" && body="Avaya Inc. All Rights Reserved")) && body!="Server: couchdb")](https://en.fofa.info/result?qbase64=KChib2R5PSJ2bXNUaXRsZVwiPkF2YXlhIEF1cmEmIzg0ODI7Jm5ic3A7VXRpbGl0eSBTZXJ2ZXIiIHx8IGJvZHk9Ii93ZWJoZWxwL0Jhc2UvVXRpbGl0eV90b2MuaHRtIiB8fCAoYm9keT0iQXZheWEgQXVyYSZyZWc7Jm5ic3A7VXRpbGl0eSBTZXJ2aWNlcyIgJiYgYm9keT0iQXZheWEgSW5jLiBBbGwgUmlnaHRzIFJlc2VydmVkIikpICYmIGJvZHkhPSJTZXJ2ZXI6IGNvdWNoZGIiKQ%3D%3D) | +| **Number of assets affected** | 565 | +| **Description** | Avaya Aura Device Services is an application software of Avaya Corporation in the United States. Provides a function to manage Avaya endpoints. Avaya Aura Device Services versions 7.0 to 8.1.4.0 have security vulnerabilities. Attackers can bypass authentication and upload arbitrary files to obtain server permissions. | +| **Impact** | Avaya Aura Device Services versions 7.0 to 8.1.4.0 have security vulnerabilities. Attackers can bypass authentication and upload arbitrary files to obtain server permissions. | + +![](https://s3.bmp.ovh/imgs/2023/06/21/06ca1ac2bfc684e0.gif)