Vulnerability-Lookup - Search a vulnerability

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

FKIE_CVE-2021-25652

Vulnerability from fkie_nvd - Published: 2021-06-24 09:15 - Updated: 2024-11-21 05:55

Severity ?

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU.

References

	URL	Tags
	securityalerts@avaya.com	https://support.avaya.com/css/P8/documents/101076479	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.avaya.com/css/P8/documents/101076479	Vendor Advisory

Impacted products

	Vendor	Product	Version
	avaya	aura_appliance_virtualization_platform	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:avaya:aura_appliance_virtualization_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4110791-8053-463D-A47F-695A496FC5C9",
              "versionEndIncluding": "8.1.3.1",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU."
    },
    {
      "lang": "es",
      "value": "Se ha detectado una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la administraci\u00f3n de directorios y archivos de Avaya Aura Appliance Virtualization Platform Utilities (AVPU). Esta vulnerabilidad puede permitir potencialmente a cualquier usuario local acceder a la funcionalidad del sistema y a la informaci\u00f3n de configuraci\u00f3n que s\u00f3lo deber\u00eda estar disponible para un usuario con privilegios. Afecta a las versiones 8.0.0.0 hasta 8.1.3.1 de AVPU"
    }
  ],
  "id": "CVE-2021-25652",
  "lastModified": "2024-11-21T05:55:13.387",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "securityalerts@avaya.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-24T09:15:10.883",
  "references": [
    {
      "source": "securityalerts@avaya.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.avaya.com/css/P8/documents/101076479"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.avaya.com/css/P8/documents/101076479"
    }
  ],
  "sourceIdentifier": "securityalerts@avaya.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "securityalerts@avaya.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-668"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2021-25653

Vulnerability from fkie_nvd - Published: 2021-06-24 09:15 - Updated: 2024-11-21 05:55

Severity ?

8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

A privilege escalation vulnerability was discovered in Avaya Aura Appliance Virtualization Platform Utilities (AVPU) that may potentially allow a local user to escalate privileges. Affects 8.0.0.0 through 8.1.3.1 versions of AVPU.

References

	URL	Tags
	securityalerts@avaya.com	https://support.avaya.com/css/P8/documents/101076479	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.avaya.com/css/P8/documents/101076479	Vendor Advisory

Impacted products

	Vendor	Product	Version
	avaya	aura_appliance_virtualization_platform	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:avaya:aura_appliance_virtualization_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4110791-8053-463D-A47F-695A496FC5C9",
              "versionEndIncluding": "8.1.3.1",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A privilege escalation vulnerability was discovered in Avaya Aura Appliance Virtualization Platform Utilities (AVPU) that may potentially allow a local user to escalate privileges. Affects 8.0.0.0 through 8.1.3.1 versions of AVPU."
    },
    {
      "lang": "es",
      "value": "Se ha detectado una vulnerabilidad de escalada de privilegios en Avaya Aura Appliance Virtualization Platform Utilities (AVPU) que podr\u00eda permitir a un usuario local escalar privilegios. Afecta a las versiones 8.0.0.0 hasta 8.1.3.1 de AVPU"
    }
  ],
  "id": "CVE-2021-25653",
  "lastModified": "2024-11-21T05:55:13.503",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 6.0,
        "source": "securityalerts@avaya.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-24T09:15:10.943",
  "references": [
    {
      "source": "securityalerts@avaya.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.avaya.com/css/P8/documents/101076479"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.avaya.com/css/P8/documents/101076479"
    }
  ],
  "sourceIdentifier": "securityalerts@avaya.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-250"
        }
      ],
      "source": "securityalerts@avaya.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2021-25653 (GCVE-0-2021-25653)

Vulnerability from cvelistv5 – Published: 2021-06-24 08:55 – Updated: 2024-08-03 20:11

Summary

A privilege escalation vulnerability was discovered in Avaya Aura Appliance Virtualization Platform Utilities (AVPU) that may potentially allow a local user to escalate privileges. Affects 8.0.0.0 through 8.1.3.1 versions of AVPU.

Severity ?

8 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-250

Assigner

avaya

References

URL

Tags

https://support.avaya.com/css/P8/documents/101076479

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Avaya	Avaya Aura Appliance Virtualization Platform Utilities	Affected: 8.0.0.0 , ≤ 8.1.3.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:11:27.517Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.avaya.com/css/P8/documents/101076479"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Avaya Aura Appliance Virtualization Platform Utilities",
          "vendor": "Avaya",
          "versions": [
            {
              "lessThanOrEqual": "8.1.3.1",
              "status": "affected",
              "version": "8.0.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A privilege escalation vulnerability was discovered in Avaya Aura Appliance Virtualization Platform Utilities (AVPU) that may potentially allow a local user to escalate privileges. Affects 8.0.0.0 through 8.1.3.1 versions of AVPU."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "CWE-250",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-24T08:55:29",
        "orgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
        "shortName": "avaya"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.avaya.com/css/P8/documents/101076479"
        }
      ],
      "source": {
        "advisory": "ASA-2021-087",
        "defect": [
          "PSST-1147"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Avaya Aura Appliance Virtualization Platform Utilities Privilege Escalation Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "securityalerts@avaya.com",
          "ID": "CVE-2021-25653",
          "STATE": "PUBLIC",
          "TITLE": "Avaya Aura Appliance Virtualization Platform Utilities Privilege Escalation Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Avaya Aura Appliance Virtualization Platform Utilities",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_name": "8.0.0.0",
                            "version_value": "8.1.3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Avaya"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A privilege escalation vulnerability was discovered in Avaya Aura Appliance Virtualization Platform Utilities (AVPU) that may potentially allow a local user to escalate privileges. Affects 8.0.0.0 through 8.1.3.1 versions of AVPU."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-250"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.avaya.com/css/P8/documents/101076479",
              "refsource": "MISC",
              "url": "https://support.avaya.com/css/P8/documents/101076479"
            }
          ]
        },
        "source": {
          "advisory": "ASA-2021-087",
          "defect": [
            "PSST-1147"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
    "assignerShortName": "avaya",
    "cveId": "CVE-2021-25653",
    "datePublished": "2021-06-24T08:55:29",
    "dateReserved": "2021-01-21T00:00:00",
    "dateUpdated": "2024-08-03T20:11:27.517Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-25652 (GCVE-0-2021-25652)

Vulnerability from cvelistv5 – Published: 2021-06-24 08:55 – Updated: 2024-08-03 20:11

Summary

An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU.

Severity ?

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-200 - CWE-378

Assigner

avaya

References

URL

Tags

https://support.avaya.com/css/P8/documents/101076479

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Avaya	Avaya Aura Appliance Virtualization Platform Utilities	Affected: 8.0.0.0 , ≤ 8.1.3.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:11:27.657Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.avaya.com/css/P8/documents/101076479"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Avaya Aura Appliance Virtualization Platform Utilities",
          "vendor": "Avaya",
          "versions": [
            {
              "lessThanOrEqual": "8.1.3.1",
              "status": "affected",
              "version": "8.0.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200\nCWE-378",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-24T08:55:28",
        "orgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
        "shortName": "avaya"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.avaya.com/css/P8/documents/101076479"
        }
      ],
      "source": {
        "advisory": "ASA-2021-087",
        "defect": [
          "PSST-1147"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Avaya Aura Appliance Virtualization Platform Utilities Sensitive Information Disclosure Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "securityalerts@avaya.com",
          "ID": "CVE-2021-25652",
          "STATE": "PUBLIC",
          "TITLE": "Avaya Aura Appliance Virtualization Platform Utilities Sensitive Information Disclosure Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Avaya Aura Appliance Virtualization Platform Utilities",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_name": "8.0.0.0",
                            "version_value": "8.1.3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Avaya"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200\nCWE-378"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.avaya.com/css/P8/documents/101076479",
              "refsource": "MISC",
              "url": "https://support.avaya.com/css/P8/documents/101076479"
            }
          ]
        },
        "source": {
          "advisory": "ASA-2021-087",
          "defect": [
            "PSST-1147"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
    "assignerShortName": "avaya",
    "cveId": "CVE-2021-25652",
    "datePublished": "2021-06-24T08:55:28",
    "dateReserved": "2021-01-21T00:00:00",
    "dateUpdated": "2024-08-03T20:11:27.657Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-25653 (GCVE-0-2021-25653)

Vulnerability from nvd – Published: 2021-06-24 08:55 – Updated: 2024-08-03 20:11

Summary

A privilege escalation vulnerability was discovered in Avaya Aura Appliance Virtualization Platform Utilities (AVPU) that may potentially allow a local user to escalate privileges. Affects 8.0.0.0 through 8.1.3.1 versions of AVPU.

Severity ?

8 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-250

Assigner

avaya

References

URL

Tags

https://support.avaya.com/css/P8/documents/101076479

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Avaya	Avaya Aura Appliance Virtualization Platform Utilities	Affected: 8.0.0.0 , ≤ 8.1.3.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:11:27.517Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.avaya.com/css/P8/documents/101076479"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Avaya Aura Appliance Virtualization Platform Utilities",
          "vendor": "Avaya",
          "versions": [
            {
              "lessThanOrEqual": "8.1.3.1",
              "status": "affected",
              "version": "8.0.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A privilege escalation vulnerability was discovered in Avaya Aura Appliance Virtualization Platform Utilities (AVPU) that may potentially allow a local user to escalate privileges. Affects 8.0.0.0 through 8.1.3.1 versions of AVPU."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "CWE-250",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-24T08:55:29",
        "orgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
        "shortName": "avaya"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.avaya.com/css/P8/documents/101076479"
        }
      ],
      "source": {
        "advisory": "ASA-2021-087",
        "defect": [
          "PSST-1147"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Avaya Aura Appliance Virtualization Platform Utilities Privilege Escalation Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "securityalerts@avaya.com",
          "ID": "CVE-2021-25653",
          "STATE": "PUBLIC",
          "TITLE": "Avaya Aura Appliance Virtualization Platform Utilities Privilege Escalation Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Avaya Aura Appliance Virtualization Platform Utilities",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_name": "8.0.0.0",
                            "version_value": "8.1.3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Avaya"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A privilege escalation vulnerability was discovered in Avaya Aura Appliance Virtualization Platform Utilities (AVPU) that may potentially allow a local user to escalate privileges. Affects 8.0.0.0 through 8.1.3.1 versions of AVPU."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-250"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.avaya.com/css/P8/documents/101076479",
              "refsource": "MISC",
              "url": "https://support.avaya.com/css/P8/documents/101076479"
            }
          ]
        },
        "source": {
          "advisory": "ASA-2021-087",
          "defect": [
            "PSST-1147"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
    "assignerShortName": "avaya",
    "cveId": "CVE-2021-25653",
    "datePublished": "2021-06-24T08:55:29",
    "dateReserved": "2021-01-21T00:00:00",
    "dateUpdated": "2024-08-03T20:11:27.517Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-25652 (GCVE-0-2021-25652)

Vulnerability from nvd – Published: 2021-06-24 08:55 – Updated: 2024-08-03 20:11

Summary

An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU.

Severity ?

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-200 - CWE-378

Assigner

avaya

References

URL

Tags

https://support.avaya.com/css/P8/documents/101076479

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Avaya	Avaya Aura Appliance Virtualization Platform Utilities	Affected: 8.0.0.0 , ≤ 8.1.3.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:11:27.657Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.avaya.com/css/P8/documents/101076479"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Avaya Aura Appliance Virtualization Platform Utilities",
          "vendor": "Avaya",
          "versions": [
            {
              "lessThanOrEqual": "8.1.3.1",
              "status": "affected",
              "version": "8.0.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200\nCWE-378",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-24T08:55:28",
        "orgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
        "shortName": "avaya"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.avaya.com/css/P8/documents/101076479"
        }
      ],
      "source": {
        "advisory": "ASA-2021-087",
        "defect": [
          "PSST-1147"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Avaya Aura Appliance Virtualization Platform Utilities Sensitive Information Disclosure Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "securityalerts@avaya.com",
          "ID": "CVE-2021-25652",
          "STATE": "PUBLIC",
          "TITLE": "Avaya Aura Appliance Virtualization Platform Utilities Sensitive Information Disclosure Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Avaya Aura Appliance Virtualization Platform Utilities",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_name": "8.0.0.0",
                            "version_value": "8.1.3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Avaya"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200\nCWE-378"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.avaya.com/css/P8/documents/101076479",
              "refsource": "MISC",
              "url": "https://support.avaya.com/css/P8/documents/101076479"
            }
          ]
        },
        "source": {
          "advisory": "ASA-2021-087",
          "defect": [
            "PSST-1147"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
    "assignerShortName": "avaya",
    "cveId": "CVE-2021-25652",
    "datePublished": "2021-06-24T08:55:28",
    "dateReserved": "2021-01-21T00:00:00",
    "dateUpdated": "2024-08-03T20:11:27.657Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria

6 vulnerabilities found for aura_appliance_virtualization_platform by avaya

FKIE_CVE-2021-25652

FKIE_CVE-2021-25653

CVE-2021-25653 (GCVE-0-2021-25653)

CVE-2021-25652 (GCVE-0-2021-25652)

CVE-2021-25653 (GCVE-0-2021-25653)

CVE-2021-25652 (GCVE-0-2021-25652)