CVE-2019-7005 - Vulnerability Details - OpenCVE

A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.2.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Avaya	Ip Office

Configuration 1 [-]

OR	cpe:2.3:a:avaya:ip_office::::::::
	cpe:2.3:a:avaya:ip_office::::::::

No data.

References

Link	Providers
https://downloads.avaya.com/css/P8/documents/101070158

History

No history.

MITRE

Status: PUBLISHED

Assigner: avaya

Published: 2020-08-07T21:20:12.164613Z

Updated: 2024-09-16T18:18:48.538Z

Reserved: 2019-01-28T00:00:00

Link: CVE-2019-7005

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-08-07T22:15:12.680

Modified: 2024-11-21T04:47:24.060

Link: CVE-2019-7005

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "IP Office", "vendor": "Avaya", "versions": [{"lessThanOrEqual": "10.1.0.7", "status": "affected", "version": "10.0", "versionType": "custom"}, {"lessThanOrEqual": "11.0.4.2", "status": "affected", "version": "11.0", "versionType": "custom"}]}], "datePublic": "2020-08-07T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.2."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200: Information Exposure", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-08-07T21:20:12", "orgId": "9d670455-bdb5-4cca-a883-5914865f5d96", "shortName": "avaya"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://downloads.avaya.com/css/P8/documents/101070158"}], "source": {"advisory": "ASA-2020-009"}, "title": "Unauthenticated Information Disclosure Vulnerability in IP Office", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "securityalerts@avaya.com", "DATE_PUBLIC": "2020-08-07T06:00:00.000Z", "ID": "CVE-2019-7005", "STATE": "PUBLIC", "TITLE": "Unauthenticated Information Disclosure Vulnerability in IP Office"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "IP Office", "version": {"version_data": [{"affected": "<=", "version_affected": "<=", "version_name": "10.0", "version_value": "10.1.0.7"}, {"affected": "<=", "version_affected": "<=", "version_name": "11.0", "version_value": "11.0.4.2"}]}}]}, "vendor_name": "Avaya"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.2."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200: Information Exposure"}]}]}, "references": {"reference_data": [{"name": "https://downloads.avaya.com/css/P8/documents/101070158", "refsource": "CONFIRM", "url": "https://downloads.avaya.com/css/P8/documents/101070158"}]}, "source": {"advisory": "ASA-2020-009"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:38:32.804Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://downloads.avaya.com/css/P8/documents/101070158"}]}]}, "cveMetadata": {"assignerOrgId": "9d670455-bdb5-4cca-a883-5914865f5d96", "assignerShortName": "avaya", "cveId": "CVE-2019-7005", "datePublished": "2020-08-07T21:20:12.164613Z", "dateReserved": "2019-01-28T00:00:00", "dateUpdated": "2024-09-16T18:18:48.538Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:avaya:ip_office:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A1882E4-CCE5-421B-97FB-4D61BBFD6A5D", "versionEndIncluding": "10.1.0.7", "versionStartIncluding": "10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office:*:*:*:*:*:*:*:*", "matchCriteriaId": "7CE17819-2B50-4E38-813E-F63E591CCA1F", "versionEndIncluding": "11.0.4.2", "versionStartIncluding": "11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.2."}, {"lang": "es", "value": "Se detect\u00f3 una vulnerabilidad en el componente de la interfaz web de IP Office que puede permitir potencialmente a un usuario remoto no autenticado con acceso a la red conseguir informaci\u00f3n confidencial. Las versiones afectadas de IP Office incluyen: versiones 9.x, versiones 10.0 hasta 10.1.0.7 y versiones 11.0 hasta 11.0.4.2"}], "id": "CVE-2019-7005", "lastModified": "2024-11-21T04:47:24.060", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "securityalerts@avaya.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-08-07T22:15:12.680", "references": [{"source": "securityalerts@avaya.com", "tags": ["Vendor Advisory"], "url": "https://downloads.avaya.com/css/P8/documents/101070158"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://downloads.avaya.com/css/P8/documents/101070158"}], "sourceIdentifier": "securityalerts@avaya.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "securityalerts@avaya.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}