← back
CVE-2018-15610

Improper access controls in IP Office one-X Portal

CVSS 7.3 HIGHEPSS 1.8%CWE-284
A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2.
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H
Affected products
Avaya · IP Office

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://downloads.avaya.com/css/P8/documents/101051984https://packetstormsecurity.com/files/149284/Avaya-one-X-9.x-10.0.x-10.1.x-Arbitrary-File-Disclosure-Deletion.html