Initial publication of CVE-2020-7034

2025-08-04 08:44:25 +00:00 · 2021-04-23 14:12:27 -06:00 · 2021-04-23 14:12:27 -06:00 · fbbf48f094
commit fbbf48f094
parent 71cb689b9f
1 changed files with 87 additions and 15 deletions
--- a/2020/7xxx/CVE-2020-7034.json
+++ b/2020/7xxx/CVE-2020-7034.json
@ -1,18 +1,90 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2020-7034",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
+   "CVE_data_meta": {
+      "ASSIGNER": "securityalerts@avaya.com",
+      "DATE_PUBLIC": "2021-04-23T06:00:00.000Z",
+      "ID": "CVE-2020-7034",
+      "STATE": "PUBLIC",
+      "TITLE": "Command injection in Avaya Session Border Controller for Enterprise"
+   },
+   "affects": {
+      "vendor": {
+         "vendor_data": [
            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+               "product": {
+                  "product_data": [
+                     {
+                        "product_name": "Session Border Controller for Enterprise",
+                        "version": {
+                           "version_data": [
+                              {
+                                 "affected": "<=",
+                                 "version_name": "8.0",
+                                 "version_value": "8.1.1.x"
+                              },
+                              {
+                                 "affected": "=",
+                                 "version_name": "7.x",
+                                 "version_value": "7.x"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name": "Avaya"
            }
-        ]
-    }
-}
+         ]
+      }
+   },
+   "data_format": "MITRE",
+   "data_type": "CVE",
+   "data_version": "4.0",
+   "description": {
+      "description_data": [
+         {
+            "lang": "eng",
+            "value": "A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x"
+         }
+      ]
+   },
+   "impact": {
+      "cvss": {
+         "attackComplexity": "LOW",
+         "attackVector": "NETWORK",
+         "availabilityImpact": "HIGH",
+         "baseScore": 7.2,
+         "baseSeverity": "HIGH",
+         "confidentialityImpact": "HIGH",
+         "integrityImpact": "HIGH",
+         "privilegesRequired": "HIGH",
+         "scope": "UNCHANGED",
+         "userInteraction": "NONE",
+         "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+         "version": "3.1"
+      }
+   },
+   "problemtype": {
+      "problemtype_data": [
+         {
+            "description": [
+               {
+                  "lang": "eng",
+                  "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"
+               }
+            ]
+         }
+      ]
+   },
+   "references": {
+      "reference_data": [
+         {
+            "name": "https://downloads.avaya.com/css/P8/documents/101075451",
+            "refsource": "CONFIRM",
+            "url": "https://downloads.avaya.com/css/P8/documents/101075451"
+         }
+      ]
+   },
+   "source": {
+      "advisory": "ASA-2021-031"
+   }
+}