CVE-2020-7030 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
avaya	CNA	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 50%

Vendor	Product	Version
avaya	ip_office	10.0 ≤ 𝑥 ≤ 10.1.0.7
avaya	ip_office	11.0 ≤ 𝑥 ≤ 11.0.4.2
avaya	ip_office	9.0
avaya	ip_office	9.0:sp1
avaya	ip_office	9.0:sp10
avaya	ip_office	9.0:sp11
avaya	ip_office	9.0:sp12
avaya	ip_office	9.0:sp2
avaya	ip_office	9.0:sp3
avaya	ip_office	9.0:sp4
avaya	ip_office	9.0:sp5
avaya	ip_office	9.0:sp6
avaya	ip_office	9.0:sp7
avaya	ip_office	9.0:sp8
avaya	ip_office	9.0:sp9
avaya	ip_office	9.1
avaya	ip_office	9.1:sp1
avaya	ip_office	9.1:sp10
avaya	ip_office	9.1:sp11
avaya	ip_office	9.1:sp12
avaya	ip_office	9.1:sp3
avaya	ip_office	9.1:sp4
avaya	ip_office	9.1:sp5
avaya	ip_office	9.1:sp6
avaya	ip_office	9.1:sp7
avaya	ip_office	9.1:sp8
avaya	ip_office	9.1:sp9

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-522 - Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References

http://packetstormsecurity.com/files/157957/Avaya-IP-Office-11-Insecure-Transit-Password-Disclosure.html

http://seclists.org/fulldisclosure/2020/Jun/12

https://downloads.avaya.com/css/P8/documents/101067493

http://packetstormsecurity.com/files/157957/Avaya-IP-Office-11-Insecure-Transit-Password-Disclosure.html

http://seclists.org/fulldisclosure/2020/Jun/12

https://downloads.avaya.com/css/P8/documents/101067493