A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2.
Vector
NETWORK
Complexity
LOW
Authentication
SINGLE_INSTANCE
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE
Avaya Ip office 10.1 Sp2 (not an official CPE)
Avaya Ip office 10.1 Sp1 (not an official CPE)
Avaya Ip office 10.1 (not an official CPE)
Avaya Ip office 10.0 Sp7 (not an official CPE)
Avaya Ip office 10.0 Sp6 (not an official CPE)
Avaya Ip office 10.0 Sp5 (not an official CPE)
Avaya Ip office 10.0 Sp4 (not an official CPE)
Avaya Ip office 10.0 Sp3 (not an official CPE)
Avaya Ip office 10.0 Sp2 (not an official CPE)
Avaya Ip office 10.0 Sp1 (not an official CPE)
Avaya Ip office 10.0 (not an official CPE)
Avaya Ip office 9.1 Sp9 (not an official CPE)
Avaya Ip office 9.1 Sp8 (not an official CPE)
Avaya Ip office 9.1 Sp7 (not an official CPE)
Avaya Ip office 9.1 Sp6 (not an official CPE)
Avaya Ip office 9.1 Sp5 (not an official CPE)
Avaya Ip office 9.1 Sp4 (not an official CPE)
Avaya Ip office 9.1 Sp3 (not an official CPE)
Avaya Ip office 9.1 Sp2 (not an official CPE)
Avaya Ip office 9.1 Sp12 (not an official CPE)
Avaya Ip office 9.1 Sp11 (not an official CPE)
Avaya Ip office 9.1 Sp10 (not an official CPE)
Avaya Ip office 9.1 Sp1 (not an official CPE)
Avaya Ip office 9.1 (not an official CPE)
Advisory | Patch | Confirmed | Link |
---|---|---|---|
https://downloads.avaya.com/css/P8/documents/101051984 | |||
https://packetstormsecurity.com/files/149284/Avaya-one-X... |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (ID 22)
Related CAPEC 7
Relative Path Traversal (CAPEC-ID 139)
Directory Traversal (CAPEC-ID 213)
File System Function Injection, Content Based (CAPEC-ID 23)
Using Slashes and URL Encoding Combined to Bypass Validation Logic (CAPEC-ID 64)
Manipulating Input to File System Calls (CAPEC-ID 76)
Using Escaped Slashes in Alternate Encoding (CAPEC-ID 78)
Using Slashes in Alternate Encoding (CAPEC-ID 79)