An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to 11.1.3.1.
The vulnerability results from insufficient validation of uploaded files in the One-X component (CWE-434 — Unrestricted Upload of File with Dangerous Type). An attacker with an account in the system can upload a malicious file (such as a webshell or executable script) without any effective server-side restrictions. After the file is uploaded, it can be executed in the server context, leading to complete takeover of the environment. The network vector (AV:N) and lack of attack complexity requirements (AC:L) make the exploit relatively easy to perform remotely.
An attacker can gain full control of the system — read and modify sensitive data, execute arbitrary system commands, and potentially move laterally in the network, which is confirmed by high confidentiality, integrity, and availability indicators (C:H/I:H/A:H) and scope S:C.
Update Avaya IP Office to version 11.1.3.1 or later as soon as possible. Detailed patch instructions are available in the official Avaya security bulletin at: https://download.avaya.com/css/public/documents/101090768
All versions of Avaya IP Office earlier than 11.1.3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HAvaya Ip Office
APPAvaya< 11.1.3.1
Related vulnerabilities
RCE poprzez improper input validation w Avaya IP Office (Web Control)
Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute ar...
A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may pot...
A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote...
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL che...