CVE-2020-7033 : Security Advisory and Response

A cross-site scripting (XSS) vulnerability in Avaya Equinox Conferencing allows authenticated users to execute XSS attacks.

Understanding CVE-2020-7033

What is CVE-2020-7033?

The vulnerability in Avaya Equinox Conferencing enables authenticated users to conduct XSS attacks through the Unified Portal Client.

The Impact of CVE-2020-7033

The vulnerability has a CVSS base score of 6.3, with high confidentiality impact and low integrity impact.

Technical Details of CVE-2020-7033

Vulnerability Description

The XSS vulnerability in Avaya Equinox Conferencing affects all 9.x versions prior to 9.1.10.

Affected Systems and Versions

        Product: Avaya Equinox Conferencing
        Vendor: Avaya
        Versions affected: All 9.x versions before 9.1.10

Exploitation Mechanism

        Attack Complexity: Low
        Attack Vector: Network
        Privileges Required: Low
        User Interaction: Required

Mitigation and Prevention

Immediate Steps to Take

        Update Avaya Equinox Conferencing to version 9.1.10 or higher
        Monitor and restrict user input to prevent XSS attacks

Long-Term Security Practices

        Regularly update and patch software to address security vulnerabilities
        Conduct security training for users to recognize and report suspicious activities

Patching and Updates

        Avaya has released a patch to address the XSS vulnerability in Equinox Conferencing
