cvelist/2020/7xxx/CVE-2020-7034.json

{
   "CVE_data_meta": {
      "ASSIGNER": "securityalerts@avaya.com",
      "DATE_PUBLIC": "2021-04-23T06:00:00.000Z",
      "ID": "CVE-2020-7034",
      "STATE": "PUBLIC",
      "TITLE": "Command injection in Avaya Session Border Controller for Enterprise"
   },
   "affects": {
      "vendor": {
         "vendor_data": [
            {
               "product": {
                  "product_data": [
                     {
                        "product_name": "Session Border Controller for Enterprise",
                        "version": {
                           "version_data": [
                              {
                                 "affected": "<=",
                                 "version_name": "8.0",
                                 "version_value": "8.1.1.x"
                              },
                              {
                                 "affected": "=",
                                 "version_name": "7.x",
                                 "version_value": "7.x"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name": "Avaya"
            }
         ]
      }
   },
   "data_format": "MITRE",
   "data_type": "CVE",
   "data_version": "4.0",
   "description": {
      "description_data": [
         {
            "lang": "eng",
            "value": "A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x"
         }
      ]
   },
   "impact": {
      "cvss": {
         "attackComplexity": "LOW",
         "attackVector": "NETWORK",
         "availabilityImpact": "HIGH",
         "baseScore": 7.2,
         "baseSeverity": "HIGH",
         "confidentialityImpact": "HIGH",
         "integrityImpact": "HIGH",
         "privilegesRequired": "HIGH",
         "scope": "UNCHANGED",
         "userInteraction": "NONE",
         "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
         "version": "3.1"
      }
   },
   "problemtype": {
      "problemtype_data": [
         {
            "description": [
               {
                  "lang": "eng",
                  "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"
               }
            ]
         }
      ]
   },
   "references": {
      "reference_data": [
         {
            "name": "https://downloads.avaya.com/css/P8/documents/101075451",
            "refsource": "CONFIRM",
            "url": "https://downloads.avaya.com/css/P8/documents/101075451"
         }
      ]
   },
   "source": {
      "advisory": "ASA-2021-031"
   }
}
"-Synchronized-Data." 2020-01-14 14:01:07 +00:00			`{`
Initial publication of CVE-2020-7034 2021-04-23 14:12:27 -06:00			`"CVE_data_meta": {`
			`"ASSIGNER": "securityalerts@avaya.com",`
			`"DATE_PUBLIC": "2021-04-23T06:00:00.000Z",`
			`"ID": "CVE-2020-7034",`
			`"STATE": "PUBLIC",`
			`"TITLE": "Command injection in Avaya Session Border Controller for Enterprise"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
"-Synchronized-Data." 2020-01-14 14:01:07 +00:00			`{`
Initial publication of CVE-2020-7034 2021-04-23 14:12:27 -06:00			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Session Border Controller for Enterprise",`
			`"version": {`
			`"version_data": [`
			`{`
			`"affected": "<=",`
			`"version_name": "8.0",`
			`"version_value": "8.1.1.x"`
			`},`
			`{`
			`"affected": "=",`
			`"version_name": "7.x",`
			`"version_value": "7.x"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Avaya"`
"-Synchronized-Data." 2020-01-14 14:01:07 +00:00			`}`
Initial publication of CVE-2020-7034 2021-04-23 14:12:27 -06:00			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
			`"value": "A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x"`
			`}`
			`]`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "LOW",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 7.2,`
			`"baseSeverity": "HIGH",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"privilegesRequired": "HIGH",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",`
			`"version": "3.1"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "https://downloads.avaya.com/css/P8/documents/101075451",`
			`"refsource": "CONFIRM",`
			`"url": "https://downloads.avaya.com/css/P8/documents/101075451"`
			`}`
			`]`
			`},`
			`"source": {`
			`"advisory": "ASA-2021-031"`
			`}`
			`}`