CVE-2021-25649
MEDIUMAvaya Aura Utility Services 7.0-7.1.2 - Sensitive Information Exposure via Directory and File Management
Title source: llmDescription
An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects all 7.x versions of Avaya Aura Utility Services
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.avaya.com/css/P8/documents/101072728
Scores
CVSS v3
4.9
EPSS
0.0062
EPSS Percentile
45.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-200
Status
published
Products (1)
avaya/aura_utility_services
7.0 - 7.1.3
Published
Jun 24, 2021
Tracked Since
Feb 18, 2026