CVE-2020-7034
HIGHAvaya Session Border Controller for Enterprise 7.x-8.1.1.x - Authenticated OS Command Injection
Title source: llmDescription
A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x
References (1)
Core 1
Core References
Broken Link, Vendor Advisory x_refsource_confirm
https://downloads.avaya.com/css/P8/documents/101075451
Scores
CVSS v3
7.2
EPSS
0.0237
EPSS Percentile
81.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-77
CWE-78
Status
published
Products (1)
avaya/session_border_controller_for_enterprise
7.0 - 8.1.2.0
Published
Apr 23, 2021
Tracked Since
Feb 18, 2026