CVE-2024-4196 CRITICAL

CVE-2024-4196: Avaya IP Office Web Control RCE Vulnerability

Vendor Avaya
Product IP Office
Weakness CWE-782
Published June 25, 2024
Last update October 1, 2025

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to 11.1.3.1.

Key dates

02Disclosure timeline

June 25, 2024 CVE published
October 1, 2025 Record updated