cve-2018-15611
Vulnerability from cvelistv5
Published
2018-09-27 23:00
Modified
2024-09-16 23:01
Severity ?
6.3 (Medium) - CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x version prior to 7.1.3.1.
References
securityalerts@avaya.comhttps://downloads.avaya.com/css/P8/documents/101052550Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://downloads.avaya.com/css/P8/documents/101052550Vendor Advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:01:54.278Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://downloads.avaya.com/css/P8/documents/101052550"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Communication Manager",
          "vendor": "Avaya",
          "versions": [
            {
              "lessThan": "7.x*",
              "status": "affected",
              "version": "7.1.3.1",
              "versionType": "custom"
            },
            {
              "lessThan": "6.3.x*",
              "status": "affected",
              "version": "6.3.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-09-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x version prior to 7.1.3.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284: Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-27T22:57:01",
        "orgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
        "shortName": "avaya"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://downloads.avaya.com/css/P8/documents/101052550"
        }
      ],
      "source": {
        "advisory": "ASA-2017-343"
      },
      "title": "Communication Manager Local Administrator PrivEsc",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "securityalerts@avaya.com",
          "DATE_PUBLIC": "2018-09-27T06:00:00.000Z",
          "ID": "CVE-2018-15611",
          "STATE": "PUBLIC",
          "TITLE": "Communication Manager Local Administrator PrivEsc"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Communication Manager",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=7.1.3.1",
                            "version_affected": "\u003c=7.1.3.1",
                            "version_name": "7.x",
                            "version_value": "7.1.3.1"
                          },
                          {
                            "affected": "=6.3.x",
                            "version_affected": "=6.3.x",
                            "version_name": "6.3.x",
                            "version_value": "6.3.x"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Avaya"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x version prior to 7.1.3.1."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-284: Improper Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://downloads.avaya.com/css/P8/documents/101052550",
              "refsource": "CONFIRM",
              "url": "https://downloads.avaya.com/css/P8/documents/101052550"
            }
          ]
        },
        "source": {
          "advisory": "ASA-2017-343"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
    "assignerShortName": "avaya",
    "cveId": "CVE-2018-15611",
    "datePublished": "2018-09-27T23:00:00Z",
    "dateReserved": "2018-08-21T00:00:00",
    "dateUpdated": "2024-09-16T23:01:41.772Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:avaya:aura_communication_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.3.0.1\", \"versionEndIncluding\": \"6.3.17.0\", \"matchCriteriaId\": \"1F5C84B5-2345-4D8F-9524-85923B4452B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:avaya:aura_communication_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.0\", \"versionEndExcluding\": \"7.1.3.1\", \"matchCriteriaId\": \"579AA33E-74BC-4A14-ACF2-B9E7D4F5BE60\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x version prior to 7.1.3.1.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en el componente de administraci\\u00f3n del sistema local de Avaya Aura Communication Manager puede permitir que un usuario autenticado privilegiado en el sistema local obtenga privilegios root. Las versiones afectadas incluyen las 6.3.x y todas las versiones 7.x anteriores a la 7.1.3.1.\"}]",
      "id": "CVE-2018-15611",
      "lastModified": "2024-11-21T03:51:10.330",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"securityalerts@avaya.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 6.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.3, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 6.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-09-27T23:29:00.373",
      "references": "[{\"url\": \"https://downloads.avaya.com/css/P8/documents/101052550\", \"source\": \"securityalerts@avaya.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://downloads.avaya.com/css/P8/documents/101052550\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "securityalerts@avaya.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"securityalerts@avaya.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-15611\",\"sourceIdentifier\":\"securityalerts@avaya.com\",\"published\":\"2018-09-27T23:29:00.373\",\"lastModified\":\"2024-11-21T03:51:10.330\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x version prior to 7.1.3.1.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en el componente de administraci\u00f3n del sistema local de Avaya Aura Communication Manager puede permitir que un usuario autenticado privilegiado en el sistema local obtenga privilegios root. Las versiones afectadas incluyen las 6.3.x y todas las versiones 7.x anteriores a la 7.1.3.1.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"securityalerts@avaya.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.3,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"securityalerts@avaya.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:avaya:aura_communication_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.3.0.1\",\"versionEndIncluding\":\"6.3.17.0\",\"matchCriteriaId\":\"1F5C84B5-2345-4D8F-9524-85923B4452B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:avaya:aura_communication_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0\",\"versionEndExcluding\":\"7.1.3.1\",\"matchCriteriaId\":\"579AA33E-74BC-4A14-ACF2-B9E7D4F5BE60\"}]}]}],\"references\":[{\"url\":\"https://downloads.avaya.com/css/P8/documents/101052550\",\"source\":\"securityalerts@avaya.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://downloads.avaya.com/css/P8/documents/101052550\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.