mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
253 lines
8.8 KiB
JSON
253 lines
8.8 KiB
JSON
{
|
|
"id": "CVE-2018-15610",
|
|
"sourceIdentifier": "securityalerts@avaya.com",
|
|
"published": "2018-09-12T21:29:00.330",
|
|
"lastModified": "2019-10-03T00:03:26.223",
|
|
"vulnStatus": "Modified",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Una vulnerabilidad en el componente one-X Portal de Avaya IP Office permite que un atacante autenticado lea y elimine archivos arbitrarios en el sistema. Las versiones afectadas de Avaya IP Office incluyen desde la 9.1 hasta la 9.1 SP12, desde la 10.0 hasta la 10.0 SP7 y desde la 10.1 hasta la 10.1 SP2."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV30": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 8.8,
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 5.9
|
|
},
|
|
{
|
|
"source": "securityalerts@avaya.com",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 7.3,
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
"exploitabilityScore": 2.1,
|
|
"impactScore": 5.2
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "SINGLE",
|
|
"confidentialityImpact": "COMPLETE",
|
|
"integrityImpact": "COMPLETE",
|
|
"availabilityImpact": "COMPLETE",
|
|
"baseScore": 9.0
|
|
},
|
|
"baseSeverity": "HIGH",
|
|
"exploitabilityScore": 8.0,
|
|
"impactScore": 10.0,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-22"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "securityalerts@avaya.com",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-284"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:avaya:ip_office:9.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "62D4B983-0DD2-4DB8-A085-4AEEC2BDFC8C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9468982C-DB32-490B-9131-9D35E8339467"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp10:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4B490A4A-A837-4CC6-8A44-5A7F03D73619"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp11:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C4A09C00-8D54-4674-A1D9-2F5AAD44CDD6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp12:*:*:*:*:*:*",
|
|
"matchCriteriaId": "67BFAB48-462F-4E95-9619-7A54E4BDF6F1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A7284D50-F3D2-4B7B-9147-346100611D46"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E488E9F3-5329-43F1-AC9D-36760B95C91A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp4:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CDD19739-0237-4C6F-9B6C-E47C9053F82A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp5:*:*:*:*:*:*",
|
|
"matchCriteriaId": "ACC5B2C8-CA4E-4482-8842-52886C5D5397"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp6:*:*:*:*:*:*",
|
|
"matchCriteriaId": "09060F4E-DDB3-4C45-B628-6357ED0FA008"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp7:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7C6013D3-4D4C-46F8-82E6-271FB44FD126"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp8:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B1BED830-57D9-4051-B9D0-4E010AFA7451"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp9:*:*:*:*:*:*",
|
|
"matchCriteriaId": "110B4593-6CF2-443B-AC7D-7DA98C44058C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:avaya:ip_office:10.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "96AC8E27-36AF-4063-9816-9B32FA8495AA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:avaya:ip_office:10.0:sp1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B86F3D17-7408-4721-9921-3EB702018C6F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:avaya:ip_office:10.0:sp2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BA3D7B64-7AD6-47D0-846D-A70C2838B653"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:avaya:ip_office:10.0:sp3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0EF71DB4-1523-4270-B0D8-0D20A2A6EAE8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:avaya:ip_office:10.0:sp4:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2E32E623-597A-4931-B7CF-EED6EEBA61DF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:avaya:ip_office:10.0:sp5:*:*:*:*:*:*",
|
|
"matchCriteriaId": "47898FEC-4BB7-469F-9020-2D9FB1B2C50E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:avaya:ip_office:10.0:sp6:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D429B865-B22A-4F9B-922F-D1F817DF1147"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:avaya:ip_office:10.0:sp7:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AE40493E-ED60-4BFC-9E48-D3148E4D0834"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:avaya:ip_office:10.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "71D9AA27-CBFC-4547-A1D0-777D9C11EE13"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:avaya:ip_office:10.1:sp1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "40E9E848-9578-41C5-AD68-1F1EF954CCCF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:avaya:ip_office:10.1:sp2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D4712EC5-6085-46C3-949C-12E815099D52"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://downloads.avaya.com/css/P8/documents/101051984",
|
|
"source": "securityalerts@avaya.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://packetstormsecurity.com/files/149284/Avaya-one-X-9.x-10.0.x-10.1.x-Arbitrary-File-Disclosure-Deletion.html",
|
|
"source": "securityalerts@avaya.com"
|
|
}
|
|
]
|
|
} |