What is CVE-2020-7029?

CVE-2020-7029 is a medium-severity vulnerability in Avaya Aura_communication_manager, classified under Cross-Site Request Forgery (CSRF). CVSS score: 6.4/10. Published 2020-08-11.

How severe is CVE-2020-7029?

Medium severity. CVSS v3 base score is 6.4 out of 10.

CSRF in Avaya Aura_communication_manager

CVE-2020-7029

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote attack…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.004 (34.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.4 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L.

Affected products

Avaya Aura_communication_manager
Avaya Aura_messaging — versions 7.1
Avaya Aura Communication Manager — versions 8.0.x, 7.0
Avaya Aura Messaging — versions 7.0

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

securityalerts@avaya.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2020-7029?: CVE-2020-7029 is a medium-severity vulnerability in Avaya Aura_communication_manager, classified under Cross-Site Request Forgery (CSRF). CVSS score: 6.4/10. Published 2020-08-11.
How severe is CVE-2020-7029?: Medium severity. CVSS v3 base score is 6.4 out of 10.