CVE-2021-25657

Опубликовано: 02 сент. 2022

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions.

Ссылки

https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0037/MNDT-2022-0037.md
Exploit
Third Party Advisory
https://support.avaya.com/css/P8/documents/101083319
Patch
Vendor Advisory
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0037/MNDT-2022-0037.md
Exploit
Third Party Advisory
https://support.avaya.com/css/P8/documents/101083319
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:avaya:ip_office:*:*:*:*:*:*:*:*

Версия до 11.1 (исключая)

cpe:2.3:a:avaya:ip_office:11.1:-:*:*:*:*:*:*

cpe:2.3:a:avaya:ip_office:11.1:feature_pack1:*:*:*:*:*:*

cpe:2.3:a:avaya:ip_office:11.1:feature_pack1_service_pack1:*:*:*:*:*:*

cpe:2.3:a:avaya:ip_office:11.1:feature_pack2:*:*:*:*:*:*

cpe:2.3:a:avaya:ip_office:11.1:feature_pack2_service_pack1:*:*:*:*:*:*

EPSS

Процентиль: 20%

0.00064

Низкий

7.8 High

CVSS3

Дефекты

CWE-269

NVD-CWE-Other

Связанные уязвимости

GHSA-23q4-mv34-qff2