CVE-2020-7038 - Vulnerability Details - OpenCVE

A vulnerability was discovered in Management component of Avaya Equinox Conferencing that could potentially allow an unauthenticated, remote attacker to gain access to screen sharing and whiteboard sessions. The affected versions of Management component of Avaya Equinox Conferencing include all 3.x versions before 3.17. Avaya Equinox Conferencing is now offered as Avaya Meetings Server.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Avaya	Equinox Conferencing

Configuration 1 [-]

cpe:2.3:a:avaya:equinox_conferencing:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.avaya.com/css/P8/documents/101075574

History

No history.

MITRE

Status: PUBLISHED

Assigner: avaya

Published: 2021-04-28T21:30:21.281149Z

Updated: 2024-09-16T21:04:25.962Z

Reserved: 2020-01-14T00:00:00

Link: CVE-2020-7038

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-04-28T22:15:08.290

Modified: 2024-11-21T05:36:31.893

Link: CVE-2020-7038

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Avaya Meetings Management", "vendor": "Avaya", "versions": [{"lessThan": "3.17", "status": "affected", "version": "3.x", "versionType": "custom"}]}], "datePublic": "2021-04-28T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability was discovered in Management component of Avaya Equinox Conferencing that could potentially allow an unauthenticated, remote attacker to gain access to screen sharing and whiteboard sessions. The affected versions of Management component of Avaya Equinox Conferencing include all 3.x versions before 3.17. Avaya Equinox Conferencing is now offered as Avaya Meetings Server."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284: Improper Access Control\nCWE-200: Information Exposure", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-04-28T21:30:21", "orgId": "9d670455-bdb5-4cca-a883-5914865f5d96", "shortName": "avaya"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.avaya.com/css/P8/documents/101075574"}], "source": {"advisory": "ASA-2021-036"}, "title": "Avaya Meetings Server Information Disclosure vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "securityalerts@avaya.com", "DATE_PUBLIC": "2021-04-28T06:00:00.000Z", "ID": "CVE-2020-7038", "STATE": "PUBLIC", "TITLE": "Avaya Meetings Server Information Disclosure vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Avaya Meetings Management", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_name": "3.x", "version_value": "3.17"}]}}]}, "vendor_name": "Avaya"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability was discovered in Management component of Avaya Equinox Conferencing that could potentially allow an unauthenticated, remote attacker to gain access to screen sharing and whiteboard sessions. The affected versions of Management component of Avaya Equinox Conferencing include all 3.x versions before 3.17. Avaya Equinox Conferencing is now offered as Avaya Meetings Server."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284: Improper Access Control\nCWE-200: Information Exposure"}]}]}, "references": {"reference_data": [{"name": "https://support.avaya.com/css/P8/documents/101075574", "refsource": "CONFIRM", "url": "https://support.avaya.com/css/P8/documents/101075574"}]}, "source": {"advisory": "ASA-2021-036"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:18:02.671Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.avaya.com/css/P8/documents/101075574"}]}]}, "cveMetadata": {"assignerOrgId": "9d670455-bdb5-4cca-a883-5914865f5d96", "assignerShortName": "avaya", "cveId": "CVE-2020-7038", "datePublished": "2021-04-28T21:30:21.281149Z", "dateReserved": "2020-01-14T00:00:00", "dateUpdated": "2024-09-16T21:04:25.962Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:avaya:equinox_conferencing:*:*:*:*:*:*:*:*", "matchCriteriaId": "C123C83E-6FEB-482D-9ADB-21B4248F7977", "versionEndExcluding": "9.1.11", "versionStartIncluding": "9.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was discovered in Management component of Avaya Equinox Conferencing that could potentially allow an unauthenticated, remote attacker to gain access to screen sharing and whiteboard sessions. The affected versions of Management component of Avaya Equinox Conferencing include all 3.x versions before 3.17. Avaya Equinox Conferencing is now offered as Avaya Meetings Server."}, {"lang": "es", "value": "Se detect\u00f3 una vulnerabilidad en el componente Management de Avaya Equinox Conferencing que podr\u00eda permitir a un atacante remoto no autenticado conseguir acceso a las sesiones de pantalla compartida y de pizarra. Las versiones afectadas del componente Management de Avaya Equinox Conferencing incluyen todas las versiones 3.x anteriores a la 3.17. Avaya Equinox Conferencing ahora se ofrece como Avaya Meetings Server"}], "id": "CVE-2020-7038", "lastModified": "2024-11-21T05:36:31.893", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "securityalerts@avaya.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-28T22:15:08.290", "references": [{"source": "securityalerts@avaya.com", "tags": ["Vendor Advisory"], "url": "https://support.avaya.com/css/P8/documents/101075574"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.avaya.com/css/P8/documents/101075574"}], "sourceIdentifier": "securityalerts@avaya.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "securityalerts@avaya.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}