CVE-2023-3722 PoC — Avaya Aura Device Services 代码问题漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-3722.yaml

Associated Vulnerability

Title:Avaya Aura Device Services 代码问题漏洞 (CVE-2023-3722)
Description:Avaya Aura Device Services是美国亚美亚（Avaya）公司的一个应用软件。提供一个管理 Avaya 端点功能。 Avaya Aura Device Services Web存在安全漏洞，该漏洞源于存在命令注入漏洞。攻击者可利用该漏洞上传恶意文件远程执行代码。

Description

An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and earlier.

File Snapshot


 id: CVE-2023-3722

info:
  name: Avaya Aura Device Services - OS Command Injection
  author: iamnooo

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!