What is CVE-2022-2975?

CVE-2022-2975 is a high-severity vulnerability in Avaya Aura_application_enablement_services, classified under Improper Privilege Management. CVSS score: 7.7/10. Published 2022-10-06.

How severe is CVE-2022-2975?

High severity. CVSS v3 base score is 7.7 out of 10.

Privilege escalation in Avaya Aura_application_enablement_services

CVE-2022-2975

A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue…

Vulnerability class: Privilege Escalation

EPSS: 0.002 (10.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.7 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H.

Affected products

Avaya Aura_application_enablement_services
Avaya Aura Application Enablement Services — versions 10.1.x, 8.x

Weakness classification (CWE)

References

securityalerts@avaya.com (Vendor Advisory)

Frequently asked questions

What is CVE-2022-2975?: CVE-2022-2975 is a high-severity vulnerability in Avaya Aura_application_enablement_services, classified under Improper Privilege Management. CVSS score: 7.7/10. Published 2022-10-06.
How severe is CVE-2022-2975?: High severity. CVSS v3 base score is 7.7 out of 10.