18.0.0.2

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

avaya

CWE-1236

NVD

Published: 2023-07-18

Updated: 2023-07-28

Summary

A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software such as Microsoft Excel.

Vulnerable Configurations

Part	Description	Count
Application	Avaya Avaya Call Management System - Avaya Call Management System 17.0 Avaya Call Management System 18.0.0.1 Avaya Call Management System 18.0.0.2	8

Common Weakness Enumeration (CWE)

CWE-1236 - Improper Neutralization of Formula Elements in a CSV File

References

https://download.avaya.com/css/public/documents/101086364