GobyVuls/Avaya_Aura_Device_Services_PhoneBackup_File_Upload_Vulnerability.md at master

mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-05 10:16:59 +00:00

add Avaya Aura Device Services PhoneBackup File Upload Vulnerability

2023-06-21 17:11:14 +08:00

Avaya Aura Device Services PhoneBackup File Upload Vulnerability

Vulnerability	Avaya Aura Device Services PhoneBackup File Upload Vulnerability
Chinese name	Avaya Aura Device Services r软件 PhoneBackup 任意文件上传漏洞
CVSS core	9.0
FOFA Query (click to view the results directly)	((body="vmsTitle">Avaya Aura™ Utility Server" \|\| body="/webhelp/Base/Utility_toc.htm" \|\| (body="Avaya Aura® Utility Services" && body="Avaya Inc. All Rights Reserved")) && body!="Server: couchdb")
Number of assets affected	565
Description	Avaya Aura Device Services is an application software of Avaya Corporation in the United States. Provides a function to manage Avaya endpoints. Avaya Aura Device Services versions 7.0 to 8.1.4.0 have security vulnerabilities. Attackers can bypass authentication and upload arbitrary files to obtain server permissions.
Impact	Avaya Aura Device Services versions 7.0 to 8.1.4.0 have security vulnerabilities. Attackers can bypass authentication and upload arbitrary files to obtain server permissions.