CVE-2018-15610: Improper access controls in IP Office one-X Portal
First published: Wed Sep 12 2018(Updated: )
A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2.
Credit: securityalerts@avaya.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Avaya IP Office | =9.1 | |
| Avaya IP Office | =9.1-sp1 | |
| Avaya IP Office | =9.1-sp10 | |
| Avaya IP Office | =9.1-sp11 | |
| Avaya IP Office | =9.1-sp12 | |
| Avaya IP Office | =9.1-sp2 | |
| Avaya IP Office | =9.1-sp3 | |
| Avaya IP Office | =9.1-sp4 | |
| Avaya IP Office | =9.1-sp5 | |
| Avaya IP Office | =9.1-sp6 | |
| Avaya IP Office | =9.1-sp7 | |
| Avaya IP Office | =9.1-sp8 | |
| Avaya IP Office | =9.1-sp9 | |
| Avaya IP Office | =10.0 | |
| Avaya IP Office | =10.0-sp1 | |
| Avaya IP Office | =10.0-sp2 | |
| Avaya IP Office | =10.0-sp3 | |
| Avaya IP Office | =10.0-sp4 | |
| Avaya IP Office | =10.0-sp5 | |
| Avaya IP Office | =10.0-sp6 | |
| Avaya IP Office | =10.0-sp7 | |
| Avaya IP Office | =10.1 | |
| Avaya IP Office | =10.1-sp1 | |
| Avaya IP Office | =10.1-sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-15610?
CVE-2018-15610 is a vulnerability in the one-X Portal component of Avaya IP Office that allows an authenticated attacker to read and delete arbitrary files on the system.
Which versions of Avaya IP Office are affected by CVE-2018-15610?
Versions 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2 of Avaya IP Office are affected by CVE-2018-15610.
What is the severity of CVE-2018-15610?
CVE-2018-15610 has a severity rating of 8.8 (Critical).
How can the CVE-2018-15610 vulnerability be fixed?
To fix the CVE-2018-15610 vulnerability, it is recommended to upgrade to a patched version of Avaya IP Office.
Where can I find more information about CVE-2018-15610?
More information about CVE-2018-15610 can be found at the following references: [link1](https://downloads.avaya.com/css/P8/documents/101051984), [link2](https://packetstormsecurity.com/files/149284/Avaya-one-X-9.x-10.0.x-10.1.x-Arbitrary-File-Disclosure-Deletion.html).
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/title
- agent/weakness
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/avaya
- canonical/avaya ip office
- version/avaya ip office/9.1
- version/avaya ip office/9.1-sp1
- version/avaya ip office/9.1-sp10
- version/avaya ip office/9.1-sp11
- version/avaya ip office/9.1-sp12
- version/avaya ip office/9.1-sp2
- version/avaya ip office/9.1-sp3
- version/avaya ip office/9.1-sp4
- version/avaya ip office/9.1-sp5
- version/avaya ip office/9.1-sp6
- version/avaya ip office/9.1-sp7
- version/avaya ip office/9.1-sp8
- version/avaya ip office/9.1-sp9
- version/avaya ip office/10.0
- version/avaya ip office/10.0-sp1
- version/avaya ip office/10.0-sp2
- version/avaya ip office/10.0-sp3
- version/avaya ip office/10.0-sp4
- version/avaya ip office/10.0-sp5
- version/avaya ip office/10.0-sp6
- version/avaya ip office/10.0-sp7
- version/avaya ip office/10.1
- version/avaya ip office/10.1-sp1
- version/avaya ip office/10.1-sp2