CVE-2018-15615

HIGH

Avaya Call Management System Supervisor R17.0.x and R18.0.x - Local Sensitive Information Exposure

Title source: llm
STIX 2.1

Description

A vulnerability in the Supervisor component of Avaya Call Management System allows local administrative user to extract sensitive information from users connecting to a remote CMS host. Affected versions of CMS Supervisor include R17.0.x and R18.0.x.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
https://downloads.avaya.com/css/P8/documents/101052300
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105392

Scores

CVSS v3 7.2
EPSS 0.0034
EPSS Percentile 26.3%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Details

CWE
CWE-200
Status published
Products (3)
avaya/call_management_system_supervisor 17.0.0
avaya/call_management_system_supervisor 18.0.1.0
avaya/call_management_system_supervisor 18.0.2.0
Published Sep 24, 2018
Tracked Since Feb 18, 2026