CVE-2018-15611 MEDIUM

CVE-2018-15611: Communication Manager Local Administrator PrivEsc

Vendor Avaya

Product Communication Manager

Weakness CWE-284

Published September 27, 2018

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

6.3/10

Attack vector Local

Attack complexity High

Privileges required High

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x version prior to 7.1.3.1.

Key dates

02Disclosure timeline

September 27, 2018 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-15611

Related vulnerabilities

Identifiers

CVE CVE-2018-15611

CWE CWE-284

CVSS 6.3 / MEDIUM

Affected versions

Vendor Avaya

Product Communication Manager

Affected ≥ 7.1.3.1 and < 7.x*

Vendor Avaya

Product Communication Manager

Affected ≥ 6.3.x and < 6.3.x*

CVE-2018-15611: Communication Manager Local Administrator PrivEsc

01Description

02Disclosure timeline

03References

04Related CVE