CVE-2021-25650
24.06.2021, 09:15
A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility ServicesEnginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| avaya | aura_utility_services | 7.0 ≤ 𝑥 ≤ 7.1.3 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| avaya | aura_utility_services | 7.0.0.0 ≤ 𝑥 ≤ 7.1.3.8 | ADP |
Common Weakness Enumeration
- CWE-250 - Execution with Unnecessary PrivilegesThe software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
- CWE-269 - Improper Privilege ManagementThe software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.