CVE-2024-7480

MEDIUM

Avaya Aura System Manager < 10.1.2 - Incorrect Privilege Assignment

Title source: rule

Description

An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.

References (1)

[Vendor Advisory] https://download.avaya.com/css/public/documents/101091159

Scores

CVSS v3 4.2

EPSS 0.0007

EPSS Percentile 21.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

Classification

CWE

CWE-266

Status published

Affected Products (2)

avaya/aura_system_manager < 10.1.2

avaya/aura_system_manager

Timeline

Published Aug 08, 2024

Tracked Since Feb 18, 2026