{"containers": {"cna": {"affected": [{"product": "IP Office", "vendor": "Avaya", "versions": [{"lessThanOrEqual": "11.1 Feature Pack 2 Service Pack 1", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-06T19:33:21.000Z", "orgId": "9d670455-bdb5-4cca-a883-5914865f5d96", "shortName": "avaya"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.avaya.com/css/P8/documents/101083319"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0037/MNDT-2022-0037.md"}], "source": {"advisory": "ASA-2022-114", "discovery": "EXTERNAL"}, "title": "Avaya IP Office Privilege Escalation Vulnerability", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CNA_private": {"CVE_list": [], "CVE_table_description": [], "internal_comments": "", "owner": "robg", "publish": {"month": "", "year": "", "ym": ""}, "share_with_CVE": false, "todo": []}, "CVE_data_meta": {"AKA": "", "ASSIGNER": "securityalerts@avaya.com", "DATE_PUBLIC": "", "ID": "CVE-2021-25657", "STATE": "PUBLIC", "TITLE": "Avaya IP Office Privilege Escalation Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "IP Office", "version": {"version_data": [{"platform": "", "version_affected": "<=", "version_name": "0", "version_value": "11.1 Feature Pack 2 Service Pack 1"}]}}]}, "vendor_name": "Avaya"}]}}, "configuration": [], "credit": [], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions."}]}, "exploit": [], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-269"}]}]}, "references": {"reference_data": [{"name": "https://support.avaya.com/css/P8/documents/101083319", "refsource": "MISC", "url": "https://support.avaya.com/css/P8/documents/101083319"}, {"name": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0037/MNDT-2022-0037.md", "refsource": "MISC", "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0037/MNDT-2022-0037.md"}]}, "solution": [], "source": {"advisory": "ASA-2022-114", "defect": [], "discovery": "EXTERNAL"}, "work_around": []}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T20:11:27.684Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.avaya.com/css/P8/documents/101083319"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0037/MNDT-2022-0037.md"}]}]}, "cveMetadata": {"assignerOrgId": "9d670455-bdb5-4cca-a883-5914865f5d96", "assignerShortName": "avaya", "cveId": "CVE-2021-25657", "datePublished": "2022-09-02T01:05:08.862Z", "dateReserved": "2021-01-21T00:00:00.000Z", "dateUpdated": "2024-09-17T01:46:04.516Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:avaya:ip_office:*:*:*:*:*:*:*:*", "matchCriteriaId": "A85DBDAD-4D2A-43EF-A487-AC5A1AAB8766", "versionEndExcluding": "11.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office:11.1:-:*:*:*:*:*:*", "matchCriteriaId": "26753680-2F84-40F7-87FD-5B5D63B2F5C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office:11.1:feature_pack1:*:*:*:*:*:*", "matchCriteriaId": "6F3B61F2-3809-4001-BC62-2CAB62E363EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office:11.1:feature_pack1_service_pack1:*:*:*:*:*:*", "matchCriteriaId": "696C872E-B4C4-49BA-ABCD-03BC2451EBDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office:11.1:feature_pack2:*:*:*:*:*:*", "matchCriteriaId": "C621F009-9229-4F67-8EB1-4DCB31F553F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office:11.1:feature_pack2_service_pack1:*:*:*:*:*:*", "matchCriteriaId": "F69EDA65-AD4A-42D6-8AD0-0FF09142E183", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad de escalada de privilegios en Avaya IP Office Admin Lite y USB Creator que podr\u00eda permitir a un usuario local escalar privilegios. Este problema afecta a Admin Lite y USB Creator versi\u00f3n 11.1 Feature Pack 2 Service Pack 1 y versiones anteriores"}], "id": "CVE-2021-25657", "lastModified": "2024-11-21T05:55:14.037", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "securityalerts@avaya.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-02T01:15:07.357", "references": [{"source": "securityalerts@avaya.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0037/MNDT-2022-0037.md"}, {"source": "securityalerts@avaya.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://support.avaya.com/css/P8/documents/101083319"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0037/MNDT-2022-0037.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://support.avaya.com/css/P8/documents/101083319"}], "sourceIdentifier": "securityalerts@avaya.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "securityalerts@avaya.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}