CVE-2023-3722

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Jul 19, 2023

Updated: Jul 28, 2023

CWE ID 79

Summary

CVE-2023-3722 is a newly identified vulnerability that affects the Avaya Aura Device Services Web application. This issue allows an attacker to inject OS commands, potentially leading to remote code execution, by uploading a malicious file. The vulnerability exists in Avaya Aura Device Services version 8.1.4.0 and earlier. Successful exploitation could result in significant security risks, including unauthorized access or system compromise. Avaya urges users to update to the latest version of the software to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Farsight

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r0befH
https://www.cve.org/CVERecord?id=CVE-2023-3722
https://nvd.nist.gov/vuln/detail/CVE-2023-3722

Back to Vulnerability Database

CVE-2023-3722

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations