CVE-2018-15610
HIGHAvaya IP Office 9.1-10.1 - Authenticated Arbitrary File Read/Delete via one-X Portal
Title source: llmDescription
A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://downloads.avaya.com/css/P8/documents/101051984
Exploit, Third Party Advisory x_refsource_misc
https://packetstormsecurity.com/files/149284/Avaya-one-X-9.x-10.0.x-10.1.x-Arbitrary-File-Disclosure-Deletion.html
Scores
CVSS v3
7.3
EPSS
0.0185
EPSS Percentile
76.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H
Details
CWE
CWE-22
CWE-284
Status
published
Products (3)
avaya/ip_office
9.1 (13 CPE variants)
avaya/ip_office
10.0 (8 CPE variants)
avaya/ip_office
10.1 (3 CPE variants)
Published
Sep 12, 2018
Tracked Since
Feb 18, 2026