What is CVE-2022-2249?

CVE-2022-2249 is a high-severity vulnerability in Avaya Aura_communication_manager, classified under Improper Privilege Management. CVSS score: 7.7/10. Published 2022-10-12.

How severe is CVE-2022-2249?

High severity. CVSS v3 base score is 7.7 out of 10.

Privilege escalation in Avaya Aura_communication_manager

CVE-2022-2249

Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges. This issue affects Communication Manager versions 8.0.0.0 through 8.1…

Vulnerability class: Privilege Escalation

EPSS: 0.002 (8.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.7 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H.

Affected products

Avaya Aura_communication_manager — versions 10.1.0.0
Avaya Aura Communication Manager — versions 10.1.0.0, 8.x

Weakness classification (CWE)

CWE-269 — Improper Privilege Management

References

securityalerts@avaya.com (Release Notes, Vendor Advisory)

Frequently asked questions

What is CVE-2022-2249?: CVE-2022-2249 is a high-severity vulnerability in Avaya Aura_communication_manager, classified under Improper Privilege Management. CVSS score: 7.7/10. Published 2022-10-12.
How severe is CVE-2022-2249?: High severity. CVSS v3 base score is 7.7 out of 10.