fkie_nvd - fkie_cve-2020-7030

fkie_cve-2020-7030

Vulnerability from fkie_nvd

Published

2020-06-04 00:15

Modified

2024-11-21 05:36

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 though 11.0.4.3.

References

URL	Tags
securityalerts@avaya.com	http://packetstormsecurity.com/files/157957/Avaya-IP-Office-11-Insecure-Transit-Password-Disclosure.html
securityalerts@avaya.com	http://seclists.org/fulldisclosure/2020/Jun/12
securityalerts@avaya.com	https://downloads.avaya.com/css/P8/documents/101067493	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/157957/Avaya-IP-Office-11-Insecure-Transit-Password-Disclosure.html
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2020/Jun/12
af854a3a-2127-422b-91ae-364da2661108	https://downloads.avaya.com/css/P8/documents/101067493	Vendor Advisory

Impacted products

Vendor	Product	Version
avaya	ip_office	*
avaya	ip_office	*
avaya	ip_office	9.0
avaya	ip_office	9.0
avaya	ip_office	9.0
avaya	ip_office	9.0
avaya	ip_office	9.0
avaya	ip_office	9.0
avaya	ip_office	9.0
avaya	ip_office	9.0
avaya	ip_office	9.0
avaya	ip_office	9.0
avaya	ip_office	9.0
avaya	ip_office	9.0
avaya	ip_office	9.0
avaya	ip_office	9.1
avaya	ip_office	9.1
avaya	ip_office	9.1
avaya	ip_office	9.1
avaya	ip_office	9.1
avaya	ip_office	9.1
avaya	ip_office	9.1
avaya	ip_office	9.1
avaya	ip_office	9.1
avaya	ip_office	9.1
avaya	ip_office	9.1
avaya	ip_office	9.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:avaya:ip_office:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A1882E4-CCE5-421B-97FB-4D61BBFD6A5D",
              "versionEndIncluding": "10.1.0.7",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip_office:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CE17819-2B50-4E38-813E-F63E591CCA1F",
              "versionEndIncluding": "11.0.4.2",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip_office:9.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "1BDECE92-2DA9-45D8-8849-0023F63855A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip_office:9.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "38AC8AB4-764E-4C1B-ADCD-95C2AD6684C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip_office:9.0:sp10:*:*:*:*:*:*",
              "matchCriteriaId": "52ED1E01-4275-4877-B3EC-215898F62F00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip_office:9.0:sp11:*:*:*:*:*:*",
              "matchCriteriaId": "F31B3BCC-9061-4335-B465-C80AE38EE954",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip_office:9.0:sp12:*:*:*:*:*:*",
              "matchCriteriaId": "D275ED61-D7D1-4036-8B2F-19BE6C6CC87D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip_office:9.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9D40EAD2-7995-4D32-A131-8A833C7A8ABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip_office:9.0:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "980AB8C3-F81E-4602-97BE-276C7FE8F4B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip_office:9.0:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "9A3386A8-7474-40B4-A3DB-82E52080FE51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip_office:9.0:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "84A4CE4F-8770-469E-BBA6-1F5197DF8E7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip_office:9.0:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "E092F76A-A770-447E-9902-6E8F3D9011D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip_office:9.0:sp7:*:*:*:*:*:*",
              "matchCriteriaId": "67DECE38-07A7-4AB5-959B-10123C3E5A3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip_office:9.0:sp8:*:*:*:*:*:*",
              "matchCriteriaId": "84FDC940-3893-4D58-A218-CE29D33A88D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip_office:9.0:sp9:*:*:*:*:*:*",
              "matchCriteriaId": "A513BE76-1776-4644-9F74-7D7BF6D86D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip_office:9.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "51C14CE3-651D-4503-9711-088B9CF773A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9468982C-DB32-490B-9131-9D35E8339467",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp10:*:*:*:*:*:*",
              "matchCriteriaId": "4B490A4A-A837-4CC6-8A44-5A7F03D73619",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp11:*:*:*:*:*:*",
              "matchCriteriaId": "C4A09C00-8D54-4674-A1D9-2F5AAD44CDD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp12:*:*:*:*:*:*",
              "matchCriteriaId": "67BFAB48-462F-4E95-9619-7A54E4BDF6F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "E488E9F3-5329-43F1-AC9D-36760B95C91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "CDD19739-0237-4C6F-9B6C-E47C9053F82A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "ACC5B2C8-CA4E-4482-8842-52886C5D5397",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "09060F4E-DDB3-4C45-B628-6357ED0FA008",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp7:*:*:*:*:*:*",
              "matchCriteriaId": "7C6013D3-4D4C-46F8-82E6-271FB44FD126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp8:*:*:*:*:*:*",
              "matchCriteriaId": "B1BED830-57D9-4051-B9D0-4E010AFA7451",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp9:*:*:*:*:*:*",
              "matchCriteriaId": "110B4593-6CF2-443B-AC7D-7DA98C44058C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 though 11.0.4.3."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n confidencial en el componente web interface de IP Office, que puede permitir potencialmente a un usuario local conseguir acceso no autorizado al componente. Las versiones afectadas de IP Office incluyen: 9.x, 10.0 hasta 10.1.0.7 y 11.0 hasta 11.0.4.3"
    }
  ],
  "id": "CVE-2020-7030",
  "lastModified": "2024-11-21T05:36:30.967",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "securityalerts@avaya.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-04T00:15:10.927",
  "references": [
    {
      "source": "securityalerts@avaya.com",
      "url": "http://packetstormsecurity.com/files/157957/Avaya-IP-Office-11-Insecure-Transit-Password-Disclosure.html"
    },
    {
      "source": "securityalerts@avaya.com",
      "url": "http://seclists.org/fulldisclosure/2020/Jun/12"
    },
    {
      "source": "securityalerts@avaya.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://downloads.avaya.com/css/P8/documents/101067493"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/157957/Avaya-IP-Office-11-Insecure-Transit-Password-Disclosure.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2020/Jun/12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://downloads.avaya.com/css/P8/documents/101067493"
    }
  ],
  "sourceIdentifier": "securityalerts@avaya.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "securityalerts@avaya.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2020-7030 (GCVE-0-2020-7030)

Vulnerability from cvelistv5

Published

2020-06-03 23:45

Modified

2024-09-16 22:19

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-522 - Insufficiently Protected Credentials