{"containers": {"cna": {"affected": [{"product": "IP Office", "vendor": "Avaya", "versions": [{"status": "affected", "version": "9.x"}, {"lessThan": "10.1.0.8", "status": "affected", "version": "10.0", "versionType": "custom"}, {"lessThan": "11.0.4.3", "status": "affected", "version": "11.0", "versionType": "custom"}]}], "datePublic": "2020-06-03T00:00:00", "descriptions": [{"lang": "en", "value": "A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 though 11.0.4.3."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-522", "description": "CWE-522: Insufficiently Protected Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-06-09T18:06:15", "orgId": "9d670455-bdb5-4cca-a883-5914865f5d96", "shortName": "avaya"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://downloads.avaya.com/css/P8/documents/101067493"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/157957/Avaya-IP-Office-11-Insecure-Transit-Password-Disclosure.html"}, {"name": "20200609 Avaya IP Office v9.1.8.0 - 11 Insecure Transit Password Disclosure CVE-2020-7030", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2020/Jun/12"}], "source": {"advisory": "ASA-2020-077"}, "title": "IPO Information Disclosure", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "securityalerts@avaya.com", "DATE_PUBLIC": "2020-06-03T06:00:00.000Z", "ID": "CVE-2020-7030", "STATE": "PUBLIC", "TITLE": "IPO Information Disclosure"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "IP Office", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_name": "10.0", "version_value": "10.1.0.8"}, {"affected": "<", "version_affected": "<", "version_name": "11.0", "version_value": "11.0.4.3"}, {"affected": "=", "version_affected": "=", "version_name": "9.x", "version_value": "9.x"}]}}]}, "vendor_name": "Avaya"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 though 11.0.4.3."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-522: Insufficiently Protected Credentials"}]}]}, "references": {"reference_data": [{"name": "https://downloads.avaya.com/css/P8/documents/101067493", "refsource": "CONFIRM", "url": "https://downloads.avaya.com/css/P8/documents/101067493"}, {"name": "http://packetstormsecurity.com/files/157957/Avaya-IP-Office-11-Insecure-Transit-Password-Disclosure.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/157957/Avaya-IP-Office-11-Insecure-Transit-Password-Disclosure.html"}, {"name": "20200609 Avaya IP Office v9.1.8.0 - 11 Insecure Transit Password Disclosure CVE-2020-7030", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/Jun/12"}]}, "source": {"advisory": "ASA-2020-077"}}}}, "cveMetadata": {"assignerOrgId": "9d670455-bdb5-4cca-a883-5914865f5d96", "assignerShortName": "avaya", "cveId": "CVE-2020-7030", "datePublished": "2020-06-03T00:00:00", "dateReserved": "2020-01-14T00:00:00", "dateUpdated": "2020-06-09T18:06:15", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:avaya:ip_office:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A1882E4-CCE5-421B-97FB-4D61BBFD6A5D", "versionEndIncluding": "10.1.0.7", "versionStartIncluding": "10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office:*:*:*:*:*:*:*:*", "matchCriteriaId": "7CE17819-2B50-4E38-813E-F63E591CCA1F", "versionEndIncluding": "11.0.4.2", "versionStartIncluding": "11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office:9.0:-:*:*:*:*:*:*", "matchCriteriaId": "1BDECE92-2DA9-45D8-8849-0023F63855A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office:9.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "38AC8AB4-764E-4C1B-ADCD-95C2AD6684C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office:9.0:sp10:*:*:*:*:*:*", "matchCriteriaId": "52ED1E01-4275-4877-B3EC-215898F62F00", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office:9.0:sp11:*:*:*:*:*:*", "matchCriteriaId": "F31B3BCC-9061-4335-B465-C80AE38EE954", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office:9.0:sp12:*:*:*:*:*:*", "matchCriteriaId": "D275ED61-D7D1-4036-8B2F-19BE6C6CC87D", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office:9.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "9D40EAD2-7995-4D32-A131-8A833C7A8ABC", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office:9.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "980AB8C3-F81E-4602-97BE-276C7FE8F4B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office:9.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "9A3386A8-7474-40B4-A3DB-82E52080FE51", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office:9.0:sp5:*:*:*:*:*:*", "matchCriteriaId": "84A4CE4F-8770-469E-BBA6-1F5197DF8E7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office:9.0:sp6:*:*:*:*:*:*", "matchCriteriaId": "E092F76A-A770-447E-9902-6E8F3D9011D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office:9.0:sp7:*:*:*:*:*:*", "matchCriteriaId": "67DECE38-07A7-4AB5-959B-10123C3E5A3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office:9.0:sp8:*:*:*:*:*:*", "matchCriteriaId": "84FDC940-3893-4D58-A218-CE29D33A88D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office:9.0:sp9:*:*:*:*:*:*", "matchCriteriaId": "A513BE76-1776-4644-9F74-7D7BF6D86D55", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office:9.1:-:*:*:*:*:*:*", "matchCriteriaId": "51C14CE3-651D-4503-9711-088B9CF773A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "9468982C-DB32-490B-9131-9D35E8339467", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp10:*:*:*:*:*:*", "matchCriteriaId": "4B490A4A-A837-4CC6-8A44-5A7F03D73619", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp11:*:*:*:*:*:*", "matchCriteriaId": "C4A09C00-8D54-4674-A1D9-2F5AAD44CDD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp12:*:*:*:*:*:*", "matchCriteriaId": "67BFAB48-462F-4E95-9619-7A54E4BDF6F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "E488E9F3-5329-43F1-AC9D-36760B95C91A", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "CDD19739-0237-4C6F-9B6C-E47C9053F82A", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp5:*:*:*:*:*:*", "matchCriteriaId": "ACC5B2C8-CA4E-4482-8842-52886C5D5397", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp6:*:*:*:*:*:*", "matchCriteriaId": "09060F4E-DDB3-4C45-B628-6357ED0FA008", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp7:*:*:*:*:*:*", "matchCriteriaId": "7C6013D3-4D4C-46F8-82E6-271FB44FD126", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp8:*:*:*:*:*:*", "matchCriteriaId": "B1BED830-57D9-4051-B9D0-4E010AFA7451", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp9:*:*:*:*:*:*", "matchCriteriaId": "110B4593-6CF2-443B-AC7D-7DA98C44058C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 though 11.0.4.3."}, {"lang": "es", "value": "Se detect\u00f3 una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n confidencial en el componente web interface de IP Office, que puede permitir potencialmente a un usuario local conseguir acceso no autorizado al componente. Las versiones afectadas de IP Office incluyen: 9.x, 10.0 hasta 10.1.0.7 y 11.0 hasta 11.0.4.3"}], "id": "CVE-2020-7030", "lastModified": "2020-06-09T19:15:10.653", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "securityalerts@avaya.com", "type": "Secondary"}]}, "published": "2020-06-04T00:15:10.927", "references": [{"source": "securityalerts@avaya.com", "url": "http://packetstormsecurity.com/files/157957/Avaya-IP-Office-11-Insecure-Transit-Password-Disclosure.html"}, {"source": "securityalerts@avaya.com", "url": "http://seclists.org/fulldisclosure/2020/Jun/12"}, {"source": "securityalerts@avaya.com", "tags": ["Vendor Advisory"], "url": "https://downloads.avaya.com/css/P8/documents/101067493"}], "sourceIdentifier": "securityalerts@avaya.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-522"}], "source": "securityalerts@avaya.com", "type": "Secondary"}]}

{}