CVE-2024-7480
low-risk
Published 2024-08-08
An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.
Do I need to act?
-
0.07% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.2/10
Medium
LOCAL
/ LOW complexity
Affected Products (2)
Aura System Manager
Aura System Manager
Affected Vendors
References (1)
Vendor Advisory
https://download.avaya.com/css/public/documents/101091159
22
/ 100
low-risk
Severity
15/34 · Moderate
Exploitability
0/34 · Minimal
Exposure
7/34 · Low