There are serious security vulnerabilities in Avaya IP Office. Unauthorized persons can exploit these vulnerabilities in the IP telephony software, which are classified as critical, to inject malicious code. Updates have been released to close these vulnerabilities.
Precisely crafted requests to the web control component of Avaya IP Office could lead to commands being executed or malicious code being injected from the network due to insufficient filtering of input, Avaya warns in a security advisory (CVE-2024-4196, CVSS 10, risk "critical"). Attackers can exploit a vulnerability in the One-X component that allows unlimited file uploads - this can also potentially lead to the execution of commands or malicious code from the network, as Avaya explains (CVE-2024-4197, CVSS 9.9, critical).
Updates available for Avaya
Avaya IP Office 11.1.3.0 and older versions have security vulnerabilities. Version 11.1.3.1 closes these gaps. In addition to installing the update, Avaya strongly recommends implementing best security practices such as the use of firewalls, access control lists (ACLs), physical security and appropriate access restrictions. This can minimize the impact of the security vulnerabilities. IT managers with Avaya IP Office instances should download and install the updates as soon as possible.
Current
Are you satisfied with your carrier support? Service at the highest level with Winet
Microsoft with massive network disruption
Crowdstrike paralyzes security-relevant systems for hours.
Why it's not worth importing sugar beets.
Why you shouldn't store your apples in a Seattle store.
