CVE-2018-15611

MEDIUM

Avaya Aura Communication Manager < 6.3.17.0 - Improper Access Control

Title source: rule

Description

A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x version prior to 7.1.3.1.

References (1)

[Vendor Advisory] https://downloads.avaya.com/css/P8/documents/101052550

Scores

CVSS v3 6.3

EPSS 0.0003

EPSS Percentile 9.6%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-284

Status published

Affected Products (1)

avaya/aura_communication_manager < 6.3.17.0

Timeline

Published Sep 27, 2018

Tracked Since Feb 18, 2026