CVE-2019-7006 - OpenCVE

Avaya one-X Communicator uses weak cryptographic algorithms in the client authentication component that could allow a local attacker to decrypt sensitive information. Affected versions include all 6.2.x versions prior to 6.2 SP13.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction Required

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Avaya	One-x Communicator

Configuration 1 [-]

OR	cpe:2.3:a:avaya:one-x_communicator:6.2:-::::::
	cpe:2.3:a:avaya:one-x_communicator:6.2:fp10::::::
	cpe:2.3:a:avaya:one-x_communicator:6.2:fp3::::::
	cpe:2.3:a:avaya:one-x_communicator:6.2:fp4::::::
	cpe:2.3:a:avaya:one-x_communicator:6.2:fp6::::::
	cpe:2.3:a:avaya:one-x_communicator:6.2:sp1::::::
	cpe:2.3:a:avaya:one-x_communicator:6.2:sp12::::::
	cpe:2.3:a:avaya:one-x_communicator:6.2:sp2::::::
	cpe:2.3:a:avaya:one-x_communicator:6.2:sp5::::::
	cpe:2.3:a:avaya:one-x_communicator:6.2:sp7::::::

References

Link	Resource
http://www.securityfocus.com/bid/107175	Third Party Advisory VDB Entry
https://downloads.avaya.com/css/P8/documents/101055601	Release Notes Vendor Advisory
https://downloads.avaya.com/css/P8/documents/101055661	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: avaya

Published: 2019-02-26T00:00:00

Updated: 2019-02-28T10:57:01

Reserved: 2019-01-28T00:00:00

Link: CVE-2019-7006

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-02-27T00:29:00.230

Modified: 2022-01-01T20:15:20.117

Link: CVE-2019-7006

JSON object: View

Redhat Information

No data.

CWE

CWE-327

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-02-26T00:00:00", "descriptions": [{"lang": "en", "value": "Avaya one-X Communicator uses weak cryptographic algorithms in the client authentication component that could allow a local attacker to decrypt sensitive information. Affected versions include all 6.2.x versions prior to 6.2 SP13."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-02-28T10:57:01", "orgId": "9d670455-bdb5-4cca-a883-5914865f5d96", "shortName": "avaya"}, "references": [{"name": "107175", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/107175"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://downloads.avaya.com/css/P8/documents/101055661"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://downloads.avaya.com/css/P8/documents/101055601"}], "source": {"advisory": "ASA-2019-046"}, "title": "Avaya one-X Communicator Weak Encryption", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "securityalerts@avaya.com", "DATE_PUBLIC": "2019-02-26T07:00:00.000Z", "ID": "CVE-2019-7006", "STATE": "PUBLIC", "TITLE": "Avaya one-X Communicator Weak Encryption"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Avaya one-X Communicator uses weak cryptographic algorithms in the client authentication component that could allow a local attacker to decrypt sensitive information. Affected versions include all 6.2.x versions prior to 6.2 SP13."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "107175", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107175"}, {"name": "https://downloads.avaya.com/css/P8/documents/101055661", "refsource": "CONFIRM", "url": "https://downloads.avaya.com/css/P8/documents/101055661"}, {"name": "https://downloads.avaya.com/css/P8/documents/101055601", "refsource": "CONFIRM", "url": "https://downloads.avaya.com/css/P8/documents/101055601"}]}, "source": {"advisory": "ASA-2019-046"}}}}, "cveMetadata": {"assignerOrgId": "9d670455-bdb5-4cca-a883-5914865f5d96", "assignerShortName": "avaya", "cveId": "CVE-2019-7006", "datePublished": "2019-02-26T00:00:00", "dateReserved": "2019-01-28T00:00:00", "dateUpdated": "2019-02-28T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:avaya:one-x_communicator:6.2:-:*:*:*:*:*:*", "matchCriteriaId": "EBF4025F-35D2-4E9D-9C17-B9386D69E842", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:one-x_communicator:6.2:fp10:*:*:*:*:*:*", "matchCriteriaId": "BABD5744-5840-470E-B32F-9739BCA134EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:one-x_communicator:6.2:fp3:*:*:*:*:*:*", "matchCriteriaId": "225458CC-B46F-4C5B-948E-596003DE2F26", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:one-x_communicator:6.2:fp4:*:*:*:*:*:*", "matchCriteriaId": "60337789-49AA-48B6-B4F5-A38C63C0D76C", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:one-x_communicator:6.2:fp6:*:*:*:*:*:*", "matchCriteriaId": "73633F3D-0DFD-4066-A809-B9B908002336", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:one-x_communicator:6.2:sp1:*:*:*:*:*:*", "matchCriteriaId": "EA87C53D-D7AB-42A8-B0FB-4CA28D131572", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:one-x_communicator:6.2:sp12:*:*:*:*:*:*", "matchCriteriaId": "AA0D73A4-0B19-4C76-BAEF-1B454D88D0A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:one-x_communicator:6.2:sp2:*:*:*:*:*:*", "matchCriteriaId": "F912FD83-9FB1-4D56-BA85-CEAC94FDD324", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:one-x_communicator:6.2:sp5:*:*:*:*:*:*", "matchCriteriaId": "7784F4DB-7D12-4F92-8564-AD31426EF21F", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:one-x_communicator:6.2:sp7:*:*:*:*:*:*", "matchCriteriaId": "F740A8F4-FC50-4125-B9C2-7531D0C0392E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Avaya one-X Communicator uses weak cryptographic algorithms in the client authentication component that could allow a local attacker to decrypt sensitive information. Affected versions include all 6.2.x versions prior to 6.2 SP13."}, {"lang": "es", "value": "Avaya one-X Communicator utiliza algoritmos criptogr\u00e1ficos d\u00e9biles en el componente de autenticaci\u00f3n del cliente que podr\u00eda permitir a un atacante local descifrar informaci\u00f3n sensible. Las versiones afectadas incluyen todas las 6.2.x anteriores a la 6.2 SP13."}], "id": "CVE-2019-7006", "lastModified": "2022-01-01T20:15:20.117", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 5.5, "source": "securityalerts@avaya.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-02-27T00:29:00.230", "references": [{"source": "securityalerts@avaya.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107175"}, {"source": "securityalerts@avaya.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://downloads.avaya.com/css/P8/documents/101055601"}, {"source": "securityalerts@avaya.com", "tags": ["Vendor Advisory"], "url": "https://downloads.avaya.com/css/P8/documents/101055661"}], "sourceIdentifier": "securityalerts@avaya.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "nvd@nist.gov", "type": "Primary"}]}