Start your free trial today.
Protect your organization with cutting-edge cybersecurity solutions designed for resilience and efficiency. Secure your digital assets with confidence.
Your Shield Against Threats
Unleash the Power of Cybersecurity
Boost Your Security, Enhance Your Business
We solve Your Cyber Challenges
Quick Links
Resources
Deepaegis Portals
2025 Deepaegis. All Rights Reserved.
A vulnerability exists in Avaya Call Management System due to improper input validation. An attacker could send specially crafted web requests that could allow unauthorized remote command execution on affected systems.
Successful exploitation of this vulnerability could allow an attacker with low privileges to remotely execute commands, leading to full compromise of the system’s confidentiality, integrity, and availability.
Avaya Call Management System
Affected Version: 20.x prior to 20.0.1.0
Action Due: 6/9/2025
Remediation: Avaya has released patches to fix this vulnerability. Users are recommended to upgrade to: Version 19.2.0.7 or later for 19.x branch Version 20.0.1.0 or later for 20.x branch For the 18.x series, users should contact Avaya for further guidance as direct patch information is not provided.
Exploit Added Date: 6/9/2025
Upgrade to 19.2.0.7 or later (for 19.x) Upgrade to 20.0.1.0 or later (for 20.x) Contact Avaya for 18.x mitigation.
None available.
Apply vendor patches immediately. Restrict network access to trusted users and devices. Monitor logs for unusual web requests.
Monitor web request patterns for unusual or malformed input parameters. Analyze logs for unauthorized command execution traces.
6/9/2025
6/9/2025
No references provided
No affected organizations specified
This document contains sensitive information. Unauthorized distribution is prohibited.