Known Vulnerabilities
CVE-2024-4197
An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to 11.1.3.1.
CRITICAL
CVSS 9.9
Published Jun 25, 2024
CVE-2024-4196
An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to 11.1.3.1.
CRITICAL
CVSS 10.0
Published Jun 25, 2024
CVE-2021-25657
A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions.
HIGH
CVSS 7.8
Published Sep 02, 2022