CVE-2018-15610 update from Avaya CNA

2025-06-12 02:05:39 +00:00 · 2018-09-11 14:18:10 -06:00 · 2018-09-11 14:18:10 -06:00 · 8f5f389dff
commit 8f5f389dff
parent 09c5ff891b
1 changed files with 78 additions and 11 deletions
--- a/2018/15xxx/CVE-2018-15610.json
+++ b/2018/15xxx/CVE-2018-15610.json
@ -1,18 +1,85 @@
 {
-   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
-      "ID" : "CVE-2018-15610",
-      "STATE" : "RESERVED"
+   "CVE_data_meta": {
+      "ASSIGNER": "Avaya, Inc",
+      "ID": "CVE-2018-15610",
+      "STATE": "PUBLIC",
+      "TITLE": "Improper access controls in IP Office one-X Portal"
   },
-   "data_format" : "MITRE",
-   "data_type" : "CVE",
-   "data_version" : "4.0",
-   "description" : {
-      "description_data" : [
+   "affects": {
+      "vendor": {
+         "vendor_data": [
+            {
+               "product": {
+                  "product_data": [
+                     {
+                        "product_name": "IP Office",
+                        "version": {
+                           "version_data": [
+                              {
+                                 "affected": ">=",
+                                 "version_name": "9.1.2",
+                                 "version_value": "10.0"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name": "Avaya"
+            }
+         ]
+      }
+   },
+   "data_format": "MITRE",
+   "data_type": "CVE",
+   "data_version": "4.0",
+   "description": {
+      "description_data": [
         {
-            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+            "lang": "eng",
+            "value": "A  vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system.\nAffected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2."
         }
      ]
+   },
+   "impact": {
+      "cvss": {
+         "attackComplexity": "LOW",
+         "attackVector": "NETWORK",
+         "availabilityImpact": "HIGH",
+         "baseScore": 7.3,
+         "baseSeverity": "HIGH",
+         "confidentialityImpact": "HIGH",
+         "integrityImpact": "NONE",
+         "privilegesRequired": "LOW",
+         "scope": "UNCHANGED",
+         "userInteraction": "REQUIRED",
+         "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
+         "version": "3.0"
+      }
+   },
+   "problemtype": {
+      "problemtype_data": [
+         {
+            "description": [
+               {
+                  "lang": "eng",
+                  "value": "CWE-284: Improper Access Control"
+               }
+            ]
+         }
+      ]
+   },
+   "references": {
+      "reference_data": [
+         {
+            "name": "ASA-2018-256",
+            "refsource": "CONFIRM",
+            "url": "https://downloads.avaya.com/css/P8/documents/101051984"
+         }
+      ]
+   },
+   "source": {
+      "advisory": "ASA-2018-256",
+      "discovery": "EXTERNAL"
   }
 }