CVE-2022-2249 HIGH

CVE-2022-2249: Avaya Aura Communication Manager Privilege Escalation Vulnerabilities

Vendor Avaya
Product Avaya Aura Communication Manager
Weakness CWE-269
Published October 12, 2022
Last update May 19, 2025

CVSS base score

7.7/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges. This issue affects Communication Manager versions 8.0.0.0 through 8.1.3.3 and 10.1.0.0.

Key dates

02Disclosure timeline

October 12, 2022 CVE published
May 19, 2025 Record updated