CVE-2021-25652

EUVD-2021-12544
An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
avayaCNA
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
Affected Products (NVD)
VendorProductVersion
avayaaura_appliance_virtualization_platform
8.0.0.0 ≤
𝑥
≤ 8.1.3.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.avaya.com/css/P8/documents/101076479
https://support.avaya.com/css/P8/documents/101076479