CVE-2021-25654 MEDIUM

CVE-2021-25654: Avaya Aura Device Services Arbitrary Code Execution Vulnerability

Vendor Avaya
Product Avaya Aura Devices Services
Weakness CWE-378
Published June 25, 2021
Last update August 3, 2024

CVSS base score

6.2/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L

What the vulnerability does

01Description

An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. Affects 7.0 through 8.1.4.0 versions of Avaya Aura Device Services.

Key dates

02Disclosure timeline

June 25, 2021 CVE published
August 3, 2024 Record updated