What is CVE-2020-7030?

CVE-2020-7030 is a medium-severity vulnerability in Avaya Ip Office, classified under Insufficiently Protected Credentials. CVSS score: 5.5/10. Published 2020-06-03.

How severe is CVE-2020-7030?

Medium severity. CVSS v3 base score is 5.5 out of 10.

Vulnerability in Avaya Ip Office

CVE-2020-7030

A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affected versions of IP Office include: 9.x…

EPSS: 0.009 (76.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Avaya Ip Office — versions 9.x, 10.0, 11.0

Weakness classification (CWE)

CWE-522 — Insufficiently Protected Credentials

References

downloads.avaya.com/css/P8/documents/101067493 (x_refsource_CONFIRM)
packetstormsecurity.com/files/157957/Avaya-IP-Office-11-Insecure-Transit-Passwo… (x_refsource_MISC)
20200609 Avaya IP Office v9.1.8.0 - 11 Insecure Transit Password Disclosure CVE-2020-7030 (mailing-list, x_refsource_FULLDISC)

Frequently asked questions

What is CVE-2020-7030?: CVE-2020-7030 is a medium-severity vulnerability in Avaya Ip Office, classified under Insufficiently Protected Credentials. CVSS score: 5.5/10. Published 2020-06-03.
How severe is CVE-2020-7030?: Medium severity. CVSS v3 base score is 5.5 out of 10.