CVE-2021-25652

An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU.

CVSS v3 4.9 MEDIUM
CVSS v2.0 2.1 LOW

4.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://support.avaya.com/css/P8/documents/101076479	Vendor Advisory
https://support.avaya.com/css/P8/documents/101076479	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:avaya:aura_appliance_virtualization_platform:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:55

Type	Values Removed	Values Added
CVSS	v2 : ~~2.1~~ v3 : ~~5.5~~	v2 : 2.1 v3 : 4.9
References	~~() https://support.avaya.com/css/P8/documents/101076479 - Vendor Advisory~~	() https://support.avaya.com/css/P8/documents/101076479 - Vendor Advisory

Information

Published : 2021-06-24 09:15

Updated : 2024-11-21 05:55

NVD link : CVE-2021-25652

Mitre link : CVE-2021-25652

CVE.ORG link : CVE-2021-25652

JSON object : View

Products Affected

avaya

aura_appliance_virtualization_platform

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-668

Exposure of Resource to Wrong Sphere

{"id": "CVE-2021-25652", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "securityalerts@avaya.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2021-06-24T09:15:10.883", "references": [{"url": "https://support.avaya.com/css/P8/documents/101076479", "tags": ["Vendor Advisory"], "source": "securityalerts@avaya.com"}, {"url": "https://support.avaya.com/css/P8/documents/101076479", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "securityalerts@avaya.com", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-668"}]}], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la administraci\u00f3n de directorios y archivos de Avaya Aura Appliance Virtualization Platform Utilities (AVPU). Esta vulnerabilidad puede permitir potencialmente a cualquier usuario local acceder a la funcionalidad del sistema y a la informaci\u00f3n de configuraci\u00f3n que s\u00f3lo deber\u00eda estar disponible para un usuario con privilegios. Afecta a las versiones 8.0.0.0 hasta 8.1.3.1 de AVPU"}], "lastModified": "2024-11-21T05:55:13.387", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:avaya:aura_appliance_virtualization_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4110791-8053-463D-A47F-695A496FC5C9", "versionEndIncluding": "8.1.3.1", "versionStartIncluding": "8.0.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "securityalerts@avaya.com"}