CVE-2020-7030

MEDIUM

Avaya IP Office < 10.1.0.7 - Information Disclosure

Title source: rule

Description

A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 though 11.0.4.3.

Exploits (1)

exploitdb WRITEUP

by hyp3rlinx · textwebappsmultiple

https://www.exploit-db.com/exploits/48581

View Code ZIP pw:eip

References (3)

[Mailing List] http://seclists.org/fulldisclosure/2020/Jun/12

[Vendor Advisory] https://downloads.avaya.com/css/P8/documents/101067493

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/157957/Avaya-IP-Office-11-Insecure-Transit-Password-Disclosure.html

Scores

CVSS v3 5.5

EPSS 0.0022

EPSS Percentile 44.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522 CWE-200

Status published

Affected Products (26)

avaya/ip_office < 10.1.0.7

avaya/ip_office

avaya/ip_office

avaya/ip_office

avaya/ip_office

avaya/ip_office

avaya/ip_office

avaya/ip_office

avaya/ip_office

avaya/ip_office

avaya/ip_office

avaya/ip_office

avaya/ip_office

avaya/ip_office

avaya/ip_office

... and 11 more

Timeline

Published Jun 04, 2020

Tracked Since Feb 18, 2026