CVE-2020-7030

MEDIUM

Avaya IP Office < 10.1.0.7 - Information Disclosure

Title source: rule

Description

A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 though 11.0.4.3.

Exploits (1)

exploitdb WRITEUP

by hyp3rlinx · textwebappsmultiple

https://www.exploit-db.com/exploits/48581

View Code ZIP pw:eip

References (3)

[Vendor Advisory] https://downloads.avaya.com/css/P8/documents/101067493

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/157957/Avaya-IP-Office-11-Insecure-Transit-Password-Disclosure.html

[Mailing List] http://seclists.org/fulldisclosure/2020/Jun/12

Scores

CVSS v3 5.5

EPSS 0.0066

EPSS Percentile 71.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-522 CWE-200

Status published

Products (3)

avaya/ip_office 9.0 (13 CPE variants)

avaya/ip_office 9.1 (12 CPE variants)

avaya/ip_office 10.0 - 10.1.0.7

Published Jun 04, 2020

Tracked Since Feb 18, 2026