Search
Find a vulnerability
Search criteria
2 vulnerabilities found for session_border_controller_for_enterprise by avaya
CVE-2020-7034 (GCVE-0-2020-7034)
Vulnerability from nvd – Published: 2021-04-23 20:15 – Updated: 2024-09-16 23:06
VLAI
EPSS
VEX
Title
Command injection in Avaya Session Border Controller for Enterprise
Summary
A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x
Severity
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://downloads.avaya.com/css/P8/documents/101075451 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Avaya | Session Border Controller for Enterprise |
Affected:
7.x
Affected: 8.0 , ≤ 8.1.1.x (custom) |
Date Public
2021-04-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:18:02.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://downloads.avaya.com/css/P8/documents/101075451"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Session Border Controller for Enterprise",
"vendor": "Avaya",
"versions": [
{
"status": "affected",
"version": "7.x"
},
{
"lessThanOrEqual": "8.1.1.x",
"status": "affected",
"version": "8.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-23T20:15:15.000Z",
"orgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
"shortName": "avaya"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://downloads.avaya.com/css/P8/documents/101075451"
}
],
"source": {
"advisory": "ASA-2021-031"
},
"title": "Command injection in Avaya Session Border Controller for Enterprise",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "securityalerts@avaya.com",
"DATE_PUBLIC": "2021-04-23T06:00:00.000Z",
"ID": "CVE-2020-7034",
"STATE": "PUBLIC",
"TITLE": "Command injection in Avaya Session Border Controller for Enterprise"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Session Border Controller for Enterprise",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "8.0",
"version_value": "8.1.1.x"
},
{
"affected": "=",
"version_affected": "=",
"version_name": "7.x",
"version_value": "7.x"
}
]
}
}
]
},
"vendor_name": "Avaya"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://downloads.avaya.com/css/P8/documents/101075451",
"refsource": "CONFIRM",
"url": "https://downloads.avaya.com/css/P8/documents/101075451"
}
]
},
"source": {
"advisory": "ASA-2021-031"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
"assignerShortName": "avaya",
"cveId": "CVE-2020-7034",
"datePublished": "2021-04-23T20:15:15.818Z",
"dateReserved": "2020-01-14T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:06:35.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7034 (GCVE-0-2020-7034)
Vulnerability from cvelistv5 – Published: 2021-04-23 20:15 – Updated: 2024-09-16 23:06
VLAI
EPSS
VEX
Title
Command injection in Avaya Session Border Controller for Enterprise
Summary
A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x
Severity
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://downloads.avaya.com/css/P8/documents/101075451 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Avaya | Session Border Controller for Enterprise |
Affected:
7.x
Affected: 8.0 , ≤ 8.1.1.x (custom) |
Date Public
2021-04-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:18:02.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://downloads.avaya.com/css/P8/documents/101075451"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Session Border Controller for Enterprise",
"vendor": "Avaya",
"versions": [
{
"status": "affected",
"version": "7.x"
},
{
"lessThanOrEqual": "8.1.1.x",
"status": "affected",
"version": "8.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-23T20:15:15.000Z",
"orgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
"shortName": "avaya"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://downloads.avaya.com/css/P8/documents/101075451"
}
],
"source": {
"advisory": "ASA-2021-031"
},
"title": "Command injection in Avaya Session Border Controller for Enterprise",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "securityalerts@avaya.com",
"DATE_PUBLIC": "2021-04-23T06:00:00.000Z",
"ID": "CVE-2020-7034",
"STATE": "PUBLIC",
"TITLE": "Command injection in Avaya Session Border Controller for Enterprise"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Session Border Controller for Enterprise",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "8.0",
"version_value": "8.1.1.x"
},
{
"affected": "=",
"version_affected": "=",
"version_name": "7.x",
"version_value": "7.x"
}
]
}
}
]
},
"vendor_name": "Avaya"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://downloads.avaya.com/css/P8/documents/101075451",
"refsource": "CONFIRM",
"url": "https://downloads.avaya.com/css/P8/documents/101075451"
}
]
},
"source": {
"advisory": "ASA-2021-031"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
"assignerShortName": "avaya",
"cveId": "CVE-2020-7034",
"datePublished": "2021-04-23T20:15:15.818Z",
"dateReserved": "2020-01-14T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:06:35.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}