CyberPoint NORDIC researchers discover a high-severity vulnerability (CVE-2022-2975) affecting Avaya telecommunication and VoIP products
CyberPoint NORDIC lead Alex Levesque discovered a vulnerability in Avaya Aura Application Enablement Services servers. Following CyberPoint's responsible disclosure policy, we provided a writeup of the discovery to Avaya's Product Security Team, who released an Avaya Security Advisory, assigned CVE-2022-2975, and published a patch to the software. The vulnerability allows for privilege escalation and execution of arbitrary code as the root user. CyberPoint will release a full writeup of the discovery 30 days after patch release. To anyone with Avaya systems, please update at your earliest convenience!
More about this CVE can be found at the following URLs:
https://download.avaya.com/css/public/documents/101083688
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2975
The mission of CyberPoint's NORDIC Team is to relentlessly pursue novel technologies and techniques to support customer operations, discovering the vulnerabilities before the adversary does in order to Protect What's Invaluable to you. We are an applied research center, where the research is driven by requirements with an eye to develop new capabilities.
Contact NORDIC
NORDIC engineers work to your requirements: rapid research & development in a commercial facility, and supporting government customers with heightened security requirements are both within our expertise.
Contact us with queries about how we can support your mission today.