Search criteria
2 vulnerabilities found for session_border_controller_for_enterprise by avaya
CVE-2020-7034 (GCVE-0-2020-7034)
Vulnerability from nvd – Published: 2021-04-23 20:15 – Updated: 2024-09-16 23:06
VLAI?
Title
Command injection in Avaya Session Border Controller for Enterprise
Summary
A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Avaya | Session Border Controller for Enterprise |
Affected:
7.x
Affected: 8.0 , ≤ 8.1.1.x (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:18:02.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://downloads.avaya.com/css/P8/documents/101075451"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Session Border Controller for Enterprise",
"vendor": "Avaya",
"versions": [
{
"status": "affected",
"version": "7.x"
},
{
"lessThanOrEqual": "8.1.1.x",
"status": "affected",
"version": "8.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-23T20:15:15",
"orgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
"shortName": "avaya"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://downloads.avaya.com/css/P8/documents/101075451"
}
],
"source": {
"advisory": "ASA-2021-031"
},
"title": "Command injection in Avaya Session Border Controller for Enterprise",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "securityalerts@avaya.com",
"DATE_PUBLIC": "2021-04-23T06:00:00.000Z",
"ID": "CVE-2020-7034",
"STATE": "PUBLIC",
"TITLE": "Command injection in Avaya Session Border Controller for Enterprise"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Session Border Controller for Enterprise",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "8.0",
"version_value": "8.1.1.x"
},
{
"affected": "=",
"version_affected": "=",
"version_name": "7.x",
"version_value": "7.x"
}
]
}
}
]
},
"vendor_name": "Avaya"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://downloads.avaya.com/css/P8/documents/101075451",
"refsource": "CONFIRM",
"url": "https://downloads.avaya.com/css/P8/documents/101075451"
}
]
},
"source": {
"advisory": "ASA-2021-031"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
"assignerShortName": "avaya",
"cveId": "CVE-2020-7034",
"datePublished": "2021-04-23T20:15:15.818773Z",
"dateReserved": "2020-01-14T00:00:00",
"dateUpdated": "2024-09-16T23:06:35.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7034 (GCVE-0-2020-7034)
Vulnerability from cvelistv5 – Published: 2021-04-23 20:15 – Updated: 2024-09-16 23:06
VLAI?
Title
Command injection in Avaya Session Border Controller for Enterprise
Summary
A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Avaya | Session Border Controller for Enterprise |
Affected:
7.x
Affected: 8.0 , ≤ 8.1.1.x (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:18:02.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://downloads.avaya.com/css/P8/documents/101075451"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Session Border Controller for Enterprise",
"vendor": "Avaya",
"versions": [
{
"status": "affected",
"version": "7.x"
},
{
"lessThanOrEqual": "8.1.1.x",
"status": "affected",
"version": "8.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-23T20:15:15",
"orgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
"shortName": "avaya"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://downloads.avaya.com/css/P8/documents/101075451"
}
],
"source": {
"advisory": "ASA-2021-031"
},
"title": "Command injection in Avaya Session Border Controller for Enterprise",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "securityalerts@avaya.com",
"DATE_PUBLIC": "2021-04-23T06:00:00.000Z",
"ID": "CVE-2020-7034",
"STATE": "PUBLIC",
"TITLE": "Command injection in Avaya Session Border Controller for Enterprise"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Session Border Controller for Enterprise",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "8.0",
"version_value": "8.1.1.x"
},
{
"affected": "=",
"version_affected": "=",
"version_name": "7.x",
"version_value": "7.x"
}
]
}
}
]
},
"vendor_name": "Avaya"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://downloads.avaya.com/css/P8/documents/101075451",
"refsource": "CONFIRM",
"url": "https://downloads.avaya.com/css/P8/documents/101075451"
}
]
},
"source": {
"advisory": "ASA-2021-031"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
"assignerShortName": "avaya",
"cveId": "CVE-2020-7034",
"datePublished": "2021-04-23T20:15:15.818773Z",
"dateReserved": "2020-01-14T00:00:00",
"dateUpdated": "2024-09-16T23:06:35.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}