CVE-2016-2783

CRITICAL

Avaya Fabric Connect Virtual Services Platform - Info Disclosure

Title source: llm

Description

Avaya Fabric Connect Virtual Services Platform (VSP) Operating System Software (VOSS) before 4.2.3.0 and 5.x before 5.0.1.0 does not properly handle VLAN and I-SIS indexes, which allows remote attackers to obtain unauthorized access via crafted Ethernet frames.

Exploits (1)

nomisec WORKING POC 2 stars

by iknowjason · poc

https://github.com/iknowjason/spb

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://packetstormsecurity.com/files/138082/Avaya-VOSS-4.1.0.0-SPB-Traffic-Traversal.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/92157

Scores

CVSS v3 9.8

EPSS 0.0255

EPSS Percentile 85.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-19

Status published

Products (2)

avaya/vsp_operating_system_software 5.0.0.0

avaya/vsp_operating_system_software < 4.2.2.0

Published Jan 23, 2017

Tracked Since Feb 18, 2026