Avaya IP Office VOIP Server
| Platform Information | https://support.avaya.com/products/P0160/ip-office-platform/ |
|---|---|
| Search Engine | Search on Google |
| End of Sales | - |
| End of Support | - |
| Wired Connection | - |
| Wireless Connection | - |
| Fingerprinting Source | HTTP MAC OUI NIC VENDOR HTTPS |
| Added at | Jul 09, 2019 |
| Manufacturer Name | Avaya Inc. |
| Homepage | http://avaya.com/ |
| Headquarters | United States of America |
| Business Status | Ongoing |
| Platform’s Common Vulnerabilities and Exposures (CVE) | ||
|---|---|---|
|
CVE-ID
Severity v3.0
Severity v2.0
Description
|
||
|
CVE-2016-5285
11/15/2019 MEDIUM
Null pointer dereference vulnerability exists in K11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime in NSS before 3.26, which causes the TLS/SSL server using NSS to crash.
|
||
|
CVE-2018-15614
01/23/2019 MEDIUM
LOW
A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks via fields in the Conference Scheduler Service that could affect other application users. Affected versions of IP Office include 10.0 through 10.1 SP3 and 11.0 versions prior to 11.0 SP1.
|
||
|
CVE-2018-15610
09/12/2018 HIGH
HIGH
A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2.
|
||
|
CVE-2017-11309
11/10/2017 CRITICAL
MEDIUM
Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response.
|
||
| Manufacturer’s Common Vulnerabilities and Exposures (CVE) | ||
|---|---|---|
|
CVE-ID
Severity v3.0
Severity v2.0
Description
|
||
|
CVE-2018-15617
02/01/2019 HIGH
MEDIUM
A vulnerability in the "capro" (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated user to cause denial of service. Affected versions include 6.3.x, all 7.x versions prior to 7.1.3.2, and all 8.x versions prior to 8.0.1.
|
||
|
CVE-2018-15614
01/23/2019 MEDIUM
LOW
A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks via fields in the Conference Scheduler Service that could affect other application users. Affected versions of IP Office include 10.0 through 10.1 SP3 and 11.0 versions prior to 11.0 SP1.
|
||
|
CVE-2018-15616
10/17/2018 CRITICAL
HIGH
A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code execution. Affected versions of System Platform includes 6.3.0 through 6.3.9 and 6.4.0 through 6.4.2.
|
||
|
CVE-2018-15611
09/27/2018 MEDIUM
HIGH
A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x version prior to 7.1.3.1.
|
||
|
CVE-2018-15615
09/24/2018 MEDIUM
LOW
A vulnerability in the Supervisor component of Avaya Call Management System allows local administrative user to extract sensitive information from users connecting to a remote CMS host. Affected versions of CMS Supervisor include R17.0.x and R18.0.x.
|
||