CVE-2018-15617

A vulnerability in the "capro" (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated user to cause denial of service. Affected versions include 6.3.x, all 7.x versions prior to 7.1.3.2, and all 8.x versions prior to 8.0.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
avayaCNA
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
VendorProductVersion
avayaaura_communication_manager
6.3.0.1 ≤
𝑥
≤ 6.3.17.0
avayaaura_communication_manager
7.0 ≤
𝑥
< 7.1.3.2
avayaaura_communication_manager
8.0 ≤
𝑥
< 8.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/106826
https://downloads.avaya.com/css/P8/documents/101055396
http://www.securityfocus.com/bid/106826
https://downloads.avaya.com/css/P8/documents/101055396