CVE Vulnerability

CVE-2021-25657

A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions.

7.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://support.avaya.com/css/P8/documents/101083319 Patch Vendor Advisory
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0037/MNDT-2022-0037.md Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:avaya:ip_office:*:*:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:11.1:-:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:11.1:feature_pack2_service_pack1:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:11.1:feature_pack2:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:11.1:feature_pack1_service_pack1:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:11.1:feature_pack1:*:*:*:*:*:*
Information

Published : 2022-09-02 01:15

Updated : 2022-09-07 07:48

NVD link : CVE-2021-25657

Mitre link : CVE-2021-25657

Products Affected
No products.
CWE
NVD-CWE-Other