Avaya IP Office Vulnerability (CVE-2024-4196) / (CVE-2024-4197)

[Schwenki]

Hi,

I'm surprised that nobody has written anything about this security gap yet.

https://support.avaya.com/css/public/documents/101090768

If I understand correctly, only the Server Edition and application server are affected?


Tom

 

[sizbut]

...and?

Avaya looked at it, fixed it, announced the fix. That is the CVE process.

If you go to support.avaya.com, you can see the security advisories for any of the Avaya products you are supporting. If you have a account you can configure automatic notifications for new advisories (and for other types of documents).

Stuck in a never ending cycle of file copying.

 

[Schwenki]

My Qusetion is, is the 500v2 also affected?

As I understand it, only the SE, or?

 

[sizbut]

Suggestion for the future. If that is your question, start by asking the question, not with "I'm surprised that nobody has written anything about this security gap yet" dramatics.

And the answer is no, the IP500 V2 doesn't run Linux so its not affected, except if hosting a UCM or an IP Office Application Server.

And for that the original answer still stands: Avaya looked at it, fixed it, announced the fix.

Stuck in a never ending cycle of file copying.