CVE-2020-7038 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2020-7038?

CVE-2020-7038 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-7038?

Check the references section above for vendor advisories and patch information. Affected products include: Avaya Equinox Conferencing.

Vulnerability Description

A vulnerability was discovered in Management component of Avaya Equinox Conferencing that could potentially allow an unauthenticated, remote attacker to gain access to screen sharing and whiteboard sessions. The affected versions of Management component of Avaya Equinox Conferencing include all 3.x versions before 3.17. Avaya Equinox Conferencing is now offered as Avaya Meetings Server.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Avaya	Equinox Conferencing	>= 9.0.0, < 9.1.11

Related Weaknesses (CWE)

CWE-284

References

https://support.avaya.com/css/P8/documents/101075574Vendor Advisory
https://support.avaya.com/css/P8/documents/101075574Vendor Advisory

FAQ

What is CVE-2020-7038?

CVE-2020-7038 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability was discovered in Management component of Avaya Equinox Conferencing that could potentially allow an unauthenticated, remote attacker to gain access to screen sharing and whiteboard se...

How severe is CVE-2020-7038?

CVE-2020-7038 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-7038?

Check the references section above for vendor advisories and patch information. Affected products include: Avaya Equinox Conferencing.