CVE-2023-3527

CVSS 3.1 Score 6.8 of 10 (medium)

Details

Published Jul 18, 2023

Updated: Jul 28, 2023

CWE ID 1236

Summary

CVE-2023-3527 is a newly discovered vulnerability in the Avaya Call Management System (CMS) Supervisor web application. This issue permits an administrative user to inject malicious data into the system, which can then be exported to a CSV file. Upon opening the CSV file in spreadsheet software like Microsoft Excel, the system may be susceptible to arbitrary command execution, potentially leading to serious security implications.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Avaya Call Management System

Affected Vendors

Avaya, Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r5ic6d
https://www.cve.org/CVERecord?id=CVE-2023-3527
https://nvd.nist.gov/vuln/detail/CVE-2023-3527

Back to Vulnerability Database