How does CVE-2020-7029 affect Avaya Aura Communication Manager and Avaya Aura Messaging?

CVE-2020-7029 allows an unauthenticated remote attacker to perform Web administration actions with privileged access, potentially compromising the security of the affected systems.

What is the severity of CVE-2020-7029?

CVE-2020-7029 has a severity rating of 8.8 (high).

Is there a fix available for CVE-2020-7029?

Yes, Avaya has released a fix for CVE-2020-7029. Users are advised to apply the necessary patches or updates provided by Avaya to mitigate this vulnerability.

Where can I find more information about CVE-2020-7029?

More information about CVE-2020-7029 can be found on the Avaya support website at https://support.avaya.com/css/P8/documents/101070201.

Vulnerability/
CVE-2020-7029

high

8.8

CWE

352

11/8/2020

16/9/2024

CVE-2020-7029: Avaya Product System Management Interface Cross-Site Request Forgery Vulnerability

Q: What is CVE-2020-7029?

CVE-2020-7029 is a Cross-Site Request Forgery (CSRF) vulnerability discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging.

First published: Tue Aug 11 2020(Updated: )

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote attacker to perform Web administration actions with the privileged level of the authenticated user. Affected versions of Communication Manager are 7.0.x, 7.1.x prior to 7.1.3.5 and 8.0.x. Affected versions of Messaging are 7.0.x, 7.1 and 7.1 SP1.

Credit: securityalerts@avaya.com

Affected Software	Affected Version	How to fix
Avaya Aura Communication Manager	>=7.0<=7.1.3.4
Avaya Aura Communication Manager	>=8.0<8.1.0.0
Avaya Aura Messaging	>=7.0<7.1
Avaya Aura Messaging	=7.1
Avaya Aura Messaging	=7.1-sp1

Never miss a vulnerability like this again

Reference Links

https://support.avaya.com/css/P8/documents/101070201

Frequently Asked Questions

What is CVE-2020-7029?
CVE-2020-7029 is a Cross-Site Request Forgery (CSRF) vulnerability discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging.
How does CVE-2020-7029 affect Avaya Aura Communication Manager and Avaya Aura Messaging?
CVE-2020-7029 allows an unauthenticated remote attacker to perform Web administration actions with privileged access, potentially compromising the security of the affected systems.
What is the severity of CVE-2020-7029?
CVE-2020-7029 has a severity rating of 8.8 (high).
Is there a fix available for CVE-2020-7029?
Yes, Avaya has released a fix for CVE-2020-7029. Users are advised to apply the necessary patches or updates provided by Avaya to mitigate this vulnerability.
Where can I find more information about CVE-2020-7029?
More information about CVE-2020-7029 can be found on the Avaya support website at https://support.avaya.com/css/P8/documents/101070201.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/references
agent/author
agent/severity
agent/weakness
agent/title
agent/tags
agent/first-publish-date
agent/event
agent/description
vendor/avaya
canonical/avaya aura communication manager
version/avaya aura communication manager/7.0
version/avaya aura communication manager/7.1.3.4
version/avaya aura communication manager/8.0
canonical/avaya aura messaging
version/avaya aura messaging/7.0
version/avaya aura messaging/7.1
version/avaya aura messaging/7.1-sp1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.