CVE-2020-7029 MEDIUM

CVE-2020-7029: Avaya Product System Management Interface Cross-Site Request Forgery Vulnerability

Vendor: Avaya
Product: Avaya Aura Communication Manager
Weakness: CWE-352 · CSRF
Published: August 11, 2020
Last update: September 16, 2024

CVSS base score

6.4/10
Attack vector: Network
Attack complexity: High
Privileges required: None
User interaction: Required
Confidentiality: Low
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L

What the vulnerability does

01 Description

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote attacker to perform Web administration actions with the privilege level of the authenticated user. Affected versions of Communication Manager are 7.0.x, 7.1.x prior to 7.1.3.5 and 8.0.x. Affected versions of Messaging are 7.0.x, 7.1 and 7.1 SP1.

Key dates

02 Disclosure timeline

August 11, 2020: CVE published
September 16, 2024: Record updated