Avaya IP Office Users Urged to Patch Critical Flaws (CVE-2024-4196 & CVE-2024-4197)

CVE-2024-4196 & CVE-2024-4197
Image: Avaya

The Avaya IP Office, a popular telephony system used by businesses worldwide, is facing a critical security threat. Two newly discovered vulnerabilities, CVE-2024-4196 and CVE-2024-4197, have been identified and could potentially allow remote attackers to gain full control of affected systems.

CVE-2024-4196 & CVE-2024-4197

Image: Avaya

Understanding the Threats

CVE-2024-4196 (CVSS 10) is an improper input validation vulnerability in the Web Control component, which could be exploited through a specially crafted web request. This could allow attackers to execute arbitrary commands or code on the targeted system, potentially leading to data breaches, service disruption, or even complete system takeover.

CVE-2024-4197 (CVSS 9.9) is an unrestricted file upload vulnerability in the One-X component. Exploiting this flaw would enable attackers to upload malicious files and execute code remotely, posing a similar risk as CVE-2024-4196.

Both vulnerabilities have been assigned high severity scores, highlighting the urgency for immediate action.

Who’s at Risk?

Any organization using Avaya IP Office versions 11.1.3.0 or prior is at risk. Considering the widespread use of this platform, the potential impact of these vulnerabilities is significant.

Avaya’s Response and Recommendations

Avaya has released a patch, version 11.1.3.1, to address these vulnerabilities. They strongly urge all users to update their systems immediately.

In addition to patching, Avaya recommends following network security best practices, such as implementing firewalls, access control lists (ACLs), and physical security measures. These precautions can help mitigate the risk of exploitation until updates are applied.

What You Should Do

If your organization uses Avaya IP Office, take the following steps:

  1. Patch Immediately: Update to version 11.1.3.1 as soon as possible.
  2. Review Security Practices: Ensure your network security measures are up-to-date and effective.
  3. Monitor for Suspicious Activity: Keep a close eye on system logs and network traffic for any signs of unauthorized access or unusual behavior.

By taking prompt action, you can protect your organization from these critical vulnerabilities and ensure the security of your communications infrastructure.