CVE-2020-7029 Vulnerability Details

  /     /     /  

CVE-2020-7029 Metadata Quick Info

CVE Published: 11/08/2020 | CVE Updated: 16/09/2024 | CVE Year: 2020
Source: avaya | Vendor: Avaya | Product: Avaya Aura Communication Manager
Status : PUBLISHED

---

CVE-2020-7029 Description

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote attacker to perform Web administration actions with the privileged level of the authenticated user. Affected versions of Communication Manager are 7.0.x, 7.1.x prior to 7.1.3.5 and 8.0.x. Affected versions of Messaging are 7.0.x, 7.1 and 7.1 SP1.

Metrics

CVSS Version: 3.1 | Base Score: 6.4 MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* NONE
    User Interaction (UI)* REQUIRED
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* HIGH
    Availability Impact (A)* LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-352
CWE Name: CWE-352
Source: Avaya

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).