Avaya Call Management System Improper Input Validation Vulnerability Allowing Remote Command Execution

Vulnerability

A remote command execution vulnerability has been identified in Avaya Call Management System (CMS) versions 18.x, 19.x prior to 19.2.0.7, and 20.x prior to 20.0.1.0. The vulnerability arises from improper input validation, which could allow an unauthorized remote command to be executed via a specially crafted web request.

Impact

Exploitation of this vulnerability could lead to unauthorized remote command execution on the affected system.

Remediation

Users of Avaya CMS are advised to upgrade to version 19.2.0.7 or later if they are on a version from 18.x to 19.2.0.6. For those on version 20.0 to 20.0.0.x, upgrading to 20.0.1.0 or later is recommended.
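The version ranges above can be applied to an asset inventory to decide which hosts need the upgrade. The following is an added example, not Avaya's or this page's own code; the host names and inventory are constructed, and treating a truncated version such as "19.2" as the lowest release in its series is an assumption chosen so that incomplete data errs toward "affected".

```python
import re

# Fixed release for each affected major branch, from the advisory text.
# 18.x has no fix of its own; the advisory directs it to 19.2.0.7 or later.
FIXED = {18: (19, 2, 0, 7), 19: (19, 2, 0, 7), 20: (20, 0, 1, 0)}


def parse_version(text):
    """Parse '19.2.0.6' or '19.2' into a 4-tuple, padding missing parts with 0."""
    m = re.fullmatch(r"\d+(?:\.\d+){0,3}", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in m.group(0).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def triage(version_text):
    """Return (status, upgrade_target) for one reported CMS version."""
    try:
        v = parse_version(version_text)
    except ValueError:
        return ("unknown", None)          # needs manual review
    fixed = FIXED.get(v[0])
    if fixed is None:
        return ("not-listed", None)       # branch not covered by this advisory
    if v < fixed:                         # tuple comparison is field by field
        return ("affected", ".".join(map(str, fixed)))
    return ("fixed", None)


# Constructed sample inventory: host name -> version reported by the asset DB.
INVENTORY = {
    "cms-a.example.internal": "18.1.0.2",
    "cms-b.example.internal": "19.2.0.6",
    "cms-c.example.internal": "19.2.0.7",
    "cms-d.example.internal": "20.0.0.3",
    "cms-e.example.internal": "20.0.1.0",
    "cms-f.example.internal": "19.2",
    "cms-g.example.internal": "n/a",
}


def report(inventory):
    """Map each host to its triage result."""
    return {host: triage(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    for host, (status, target) in sorted(report(INVENTORY).items()):
        print(f"{host:26} {status:11} {'upgrade to ' + target if target else ''}")
```

Hosts reported as "unknown" or "not-listed" fall outside what the advisory states and should be checked by hand rather than assumed safe.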

Added: Jun 10, 2025, 6:17 AM
Updated: Jun 10, 2025, 6:17 AM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 10.0
exploitability: 4.9
remediation: 7.9
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.