Vulnerabilities > Avaya > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-02 | CVE-2021-25657 | Unspecified vulnerability in Avaya IP Office A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. | 7.8 |
| 2021-06-25 | CVE-2021-25654 | Unspecified vulnerability in Avaya Aura Device Services An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. | 7.8 |
| 2021-06-24 | CVE-2021-25650 | Improper Privilege Management vulnerability in Avaya Aura Utility Services 7.0/7.0.1.2/7.1.3 A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. | 8.8 |
| 2021-06-24 | CVE-2021-25651 | Improper Privilege Management vulnerability in Avaya Aura Utility Services 7.0/7.0.1.2/7.1.3 A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. | 7.8 |
| 2021-06-24 | CVE-2021-25653 | Unspecified vulnerability in Avaya Aura Appliance Virtualization Platform 8.0.0.0/8.1.3.1 A privilege escalation vulnerability was discovered in Avaya Aura Appliance Virtualization Platform Utilities (AVPU) that may potentially allow a local user to escalate privileges. | 7.8 |
| 2021-04-28 | CVE-2020-7038 | Unspecified vulnerability in Avaya Equinox Conferencing 9.0.0/9.1.10/9.1.9 A vulnerability was discovered in Management component of Avaya Equinox Conferencing that could potentially allow an unauthenticated, remote attacker to gain access to screen sharing and whiteboard sessions. | 7.5 |
| 2021-04-28 | CVE-2020-7037 | XXE vulnerability in Avaya Equinox Conferencing 9.0.0/9.1.10/9.1.9 An XML External Entities (XXE) vulnerability in Media Server component of Avaya Equinox Conferencing could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system or even potentially lead to a denial of service. | 8.1 |
| 2021-04-23 | CVE-2020-7034 | Command Injection vulnerability in Avaya Session Border Controller for Enterprise A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. | 8.8 |
| 2020-08-11 | CVE-2020-7029 | Cross-Site Request Forgery (CSRF) vulnerability in Avaya Aura Communication Manager and Aura Messaging A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. | 8.8 |
| 2020-08-07 | CVE-2019-7005 | Unspecified vulnerability in Avaya IP Office A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. | 7.5 |