CVE-2024-7480 MEDIUM

CVE-2024-7480: Improper access control in Avaya Aura System Manager

Vendor Avaya
Product Aura System Manager
Weakness CWE-266
Published August 8, 2024
Last update October 1, 2025

CVSS base score

4.2/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.

Key dates

02Disclosure timeline

August 8, 2024 CVE published
October 1, 2025 Record updated