exploitDog

CVE-2023-3722

Опубликовано: 19 июл. 2023

Источник: nvd

CVSS3: 8.6

CVSS3: 9.8

EPSS Средний

Описание

An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and earlier.

Ссылки

https://download.avaya.com/css/public/documents/101076366
Release Notes
https://download.avaya.com/css/public/documents/101076366
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:avaya:aura_device_services:*:*:*:*:*:*:*:*

Версия до 8.1.4.0 (включая)

EPSS

Процентиль: 98%

0.50868

Средний

8.6 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-434

CWE-434

Связанные уязвимости

GHSA-hq7j-vpf8-c785

CVSS3: 8.6

github

больше 2 лет назад

An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and earlier.

EPSS

Процентиль: 98%

0.50868

Средний

8.6 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-434

CWE-434