CVE-2022-2249

HIGH

Avaya Aura Communication Manager 8.0.0.0-8.1.3.3 and 10.1.0.0 - Authenticated Privilege Escalation

Title source: llm

Description

Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges. This issue affects Communication Manager versions 8.0.0.0 through 8.1.3.3 and 10.1.0.0.

References (1)

Core 1

Core References

Release Notes, Vendor Advisory

https://download.avaya.com/css/public/documents/101083760

Scores

CVSS v3 7.7

EPSS 0.0019

EPSS Percentile 8.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-269

Status published

Products (2)

avaya/aura_communication_manager 10.1.0.0

avaya/aura_communication_manager 8.0 - 8.1.3.4

Published Oct 12, 2022

Tracked Since Feb 18, 2026