CVE-2020-7030

Description

A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 though 11.0.4.3.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected products

Avaya / IP Office9.x – 9.x
Avaya / IP Office10.0 – 10.1.0.8
Avaya / IP Office11.0 – 11.0.4.3

References

MISChttps://downloads.avaya.com/css/P8/documents/101067493
EXPLOIThttp://packetstormsecurity.com/files/157957/Avaya-IP-Office-11-Insecure-Transit-Password-Disclosure.html
MAILING_LISThttp://seclists.org/fulldisclosure/2020/Jun/12