From 8f5f389dffed5b81ff469fb911a885a2eee799cd Mon Sep 17 00:00:00 2001
From: AvayaSecurityAlerts <jwmagdziarz@avaya.com>
Date: Tue, 11 Sep 2018 14:18:10 -0600
Subject: [PATCH] CVE-2018-15610 update from Avaya CNA

---
 2018/15xxx/CVE-2018-15610.json | 89 +++++++++++++++++++++++++++++-----
 1 file changed, 78 insertions(+), 11 deletions(-)

diff --git a/2018/15xxx/CVE-2018-15610.json b/2018/15xxx/CVE-2018-15610.json
index b9d33932fa5..28e68cb8afc 100644
--- a/2018/15xxx/CVE-2018-15610.json
+++ b/2018/15xxx/CVE-2018-15610.json
@@ -1,18 +1,85 @@
 {
-   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
-      "ID" : "CVE-2018-15610",
-      "STATE" : "RESERVED"
+   "CVE_data_meta": {
+      "ASSIGNER": "Avaya, Inc",
+      "ID": "CVE-2018-15610",
+      "STATE": "PUBLIC",
+      "TITLE": "Improper access controls in IP Office one-X Portal"
    },
-   "data_format" : "MITRE",
-   "data_type" : "CVE",
-   "data_version" : "4.0",
-   "description" : {
-      "description_data" : [
+   "affects": {
+      "vendor": {
+         "vendor_data": [
+            {
+               "product": {
+                  "product_data": [
+                     {
+                        "product_name": "IP Office",
+                        "version": {
+                           "version_data": [
+                              {
+                                 "affected": ">=",
+                                 "version_name": "9.1.2",
+                                 "version_value": "10.0"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name": "Avaya"
+            }
+         ]
+      }
+   },
+   "data_format": "MITRE",
+   "data_type": "CVE",
+   "data_version": "4.0",
+   "description": {
+      "description_data": [
          {
-            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+            "lang": "eng",
+            "value": "A  vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system.\nAffected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2."
          }
       ]
+   },
+   "impact": {
+      "cvss": {
+         "attackComplexity": "LOW",
+         "attackVector": "NETWORK",
+         "availabilityImpact": "HIGH",
+         "baseScore": 7.3,
+         "baseSeverity": "HIGH",
+         "confidentialityImpact": "HIGH",
+         "integrityImpact": "NONE",
+         "privilegesRequired": "LOW",
+         "scope": "UNCHANGED",
+         "userInteraction": "REQUIRED",
+         "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
+         "version": "3.0"
+      }
+   },
+   "problemtype": {
+      "problemtype_data": [
+         {
+            "description": [
+               {
+                  "lang": "eng",
+                  "value": "CWE-284: Improper Access Control"
+               }
+            ]
+         }
+      ]
+   },
+   "references": {
+      "reference_data": [
+         {
+            "name": "ASA-2018-256",
+            "refsource": "CONFIRM",
+            "url": "https://downloads.avaya.com/css/P8/documents/101051984"
+         }
+      ]
+   },
+   "source": {
+      "advisory": "ASA-2018-256",
+      "discovery": "EXTERNAL"
    }
 }