Auto-merge PR#1432

2025-08-04 08:44:25 +00:00 · 2021-04-23 16:15:21 -04:00 · 2021-04-23 16:15:21 -04:00 · 9b1f6d3d81
commit 9b1f6d3d81
parent 71cb689b9f fbbf48f094
1 changed files with 87 additions and 15 deletions
--- a/2020/7xxx/CVE-2020-7034.json
+++ b/2020/7xxx/CVE-2020-7034.json
@ -1,18 +1,90 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2020-7034",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
+   "CVE_data_meta": {
+      "ASSIGNER": "securityalerts@avaya.com",
+      "DATE_PUBLIC": "2021-04-23T06:00:00.000Z",
+      "ID": "CVE-2020-7034",
+      "STATE": "PUBLIC",
+      "TITLE": "Command injection in Avaya Session Border Controller for Enterprise"
+   },
+   "affects": {
+      "vendor": {
+         "vendor_data": [
            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+               "product": {
+                  "product_data": [
+                     {
+                        "product_name": "Session Border Controller for Enterprise",
+                        "version": {
+                           "version_data": [
+                              {
+                                 "affected": "<=",
+                                 "version_name": "8.0",
+                                 "version_value": "8.1.1.x"
+                              },
+                              {
+                                 "affected": "=",
+                                 "version_name": "7.x",
+                                 "version_value": "7.x"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name": "Avaya"
            }
-        ]
-    }
-}
+         ]
+      }
+   },
+   "data_format": "MITRE",
+   "data_type": "CVE",
+   "data_version": "4.0",
+   "description": {
+      "description_data": [
+         {
+            "lang": "eng",
+            "value": "A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x"
+         }
+      ]
+   },
+   "impact": {
+      "cvss": {
+         "attackComplexity": "LOW",
+         "attackVector": "NETWORK",
+         "availabilityImpact": "HIGH",
+         "baseScore": 7.2,
+         "baseSeverity": "HIGH",
+         "confidentialityImpact": "HIGH",
+         "integrityImpact": "HIGH",
+         "privilegesRequired": "HIGH",
+         "scope": "UNCHANGED",
+         "userInteraction": "NONE",
+         "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+         "version": "3.1"
+      }
+   },
+   "problemtype": {
+      "problemtype_data": [
+         {
+            "description": [
+               {
+                  "lang": "eng",
+                  "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"
+               }
+            ]
+         }
+      ]
+   },
+   "references": {
+      "reference_data": [
+         {
+            "name": "https://downloads.avaya.com/css/P8/documents/101075451",
+            "refsource": "CONFIRM",
+            "url": "https://downloads.avaya.com/css/P8/documents/101075451"
+         }
+      ]
+   },
+   "source": {
+      "advisory": "ASA-2021-031"
+   }
+}