CVE-2018-15611: Communication Manager Local Administrator PrivEsc
First published: Thu Sep 27 2018(Updated: )
A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x version prior to 7.1.3.1.
Credit: securityalerts@avaya.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Avaya Aura Communication Manager | >=6.3.0.1<=6.3.17.0 | |
| Avaya Aura Communication Manager | >=7.0<7.1.3.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-15611?
CVE-2018-15611 is a vulnerability in Avaya Aura Communication Manager that allows an authenticated user to gain root privileges.
What versions of Avaya Aura Communication Manager are affected?
Versions 6.3.x and all 7.x versions prior to 7.1.3.1 are affected.
How can an authenticated user exploit this vulnerability?
An authenticated user can exploit CVE-2018-15611 by leveraging their privileges on the local system to gain root privileges.
What is the severity of CVE-2018-15611?
The severity of CVE-2018-15611 is high with a CVSS score of 6.7.
How can I fix CVE-2018-15611?
To fix CVE-2018-15611, upgrade Avaya Aura Communication Manager to version 7.1.3.1 or later.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/severity
- agent/last-modified-date
- agent/title
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/avaya
- canonical/avaya aura communication manager
- version/avaya aura communication manager/6.3.0.1
- version/avaya aura communication manager/6.3.17.0
- version/avaya aura communication manager/7.0