CVE-2022-2975

MEDIUM Year: 2022
CVSS v3 Score
6.7
Medium
Weakness Type
CWE-269
View all →

Vulnerability Description

A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated.

Related Vulnerabilities

CVE-2011-2910

MEDIUM
CVSS:6.7(Medium)

The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would c...

CWE-2692011

CVE-2017-14329

MEDIUM
CVSS:6.7(Medium)

Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell.

CWE-2692017

CVE-2017-14330

MEDIUM
CVSS:6.7(Medium)

Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving a privileged process.

CWE-2692017

CVE-2017-14380

MEDIUM
CVSS:6.7(Medium)

In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_g...

CWE-2692017

CVE-2017-6152

MEDIUM
CVSS:6.7(Medium)

A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the Access Manager role has privileges to change the passwords of other users on the system, including the local admin account passwor...

CWE-2692017

CVE-2017-6732

MEDIUM
CVSS:6.7(Medium)

A vulnerability in the installation procedure for Cisco Prime Network Software could allow an authenticated, local attacker to elevate their privileges to root privileges. More Information: CSCvd47343...

CWE-2692017