Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method.
oryginał ENCVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HAvaya Ip Office Contact Center
APPAvaya10.010.0.0.3-8600.170510.19.19.1.09.1.0.2209.15409.1.69.1.79.1.89.1.9
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEDoSMemory
CWE
Referencje
Powiązane podatności
CVE-2019-7001CRITICAL9.9ten sam produkt
A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated ...
CVE-2025-1041CRITICAL9.9PL ✓ten sam vendor
Zdalne wykonanie poleceń w Avaya Call Management System (CWE-20)
CVE-2024-4197CRITICAL9.9PL ✓ten sam vendor
Unrestricted file upload umożliwiający RCE w Avaya IP Office (One-X)
CVE-2024-4196CRITICAL10.0PL ✓ten sam vendor
RCE poprzez improper input validation w Avaya IP Office (Web Control)
CVE-2022-38168CRITICAL9.1ten sam vendor
Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows...