CVE-2024-7477 – A SQL injection vulnerability in Avaya Aura Sys... (How to Fix)

Q: What is the severity of CVE-2024-7477?

CVE-2024-7477 has a CVSS score of 6.5 (MEDIUM). A SQL injection vulnerability in Avaya Aura System Manager allows CLI users with administrative privileges to execute arbitrary database queries. This affects versions 10.1.x.x and 10.2.x.x, potentially compromising database integrity and confidentiality.

📋 TL;DR

A SQL injection vulnerability in Avaya Aura System Manager allows CLI users with administrative privileges to execute arbitrary database queries. This affects versions 10.1.x.x and 10.2.x.x, potentially compromising database integrity and confidentiality.

💻 Affected Systems

Products:

Avaya Aura System Manager

Versions: 10.1.x.x and 10.2.x.x

Operating Systems: Not specified in CVE

Default Config Vulnerable: ⚠️ Yes

Notes: Versions prior to 10.1 are end of manufacturer support but may still be vulnerable.

📦 What is this software?

Aura System Manager by Avaya

View all CVEs affecting Aura System Manager →

Aura System Manager by Avaya

View all CVEs affecting Aura System Manager →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Administrator credentials could be used to execute arbitrary SQL commands, leading to full database compromise, data exfiltration, or system takeover.

🟠

Likely Case

Privileged users could unintentionally or maliciously execute unauthorized queries, potentially exposing sensitive configuration data or disrupting operations.

🟢

If Mitigated

With proper access controls and monitoring, impact is limited to authorized administrative actions within expected boundaries.

🌐 Internet-Facing: LOW

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires administrative CLI access, reducing attack surface but increasing insider threat potential.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched versions

Vendor Advisory: https://download.avaya.com/css/public/documents/101091159

Restart Required: Yes

Instructions:

1. Review vendor advisory for specific patch versions. 2. Apply recommended patches from Avaya. 3. Restart affected services as required.

🔧 Temporary Workarounds

Restrict CLI Access

all

Limit command line interface access to only essential administrative personnel

Implement Input Validation

all

Add SQL injection prevention controls to CLI input handling

🧯 If You Can't Patch

Implement strict access controls to limit CLI administrative access
Monitor database query logs for unusual SQL patterns from CLI users

🔍 How to Verify

Check if Vulnerable:

Check System Manager version against affected ranges (10.1.x.x or 10.2.x.x)

Check Version:

Check Avaya System Manager administration interface or documentation for version command

Verify Fix Applied:

Verify version is updated beyond vulnerable ranges and test CLI SQL functionality

📡 Detection & Monitoring

Log Indicators:

Unusual SQL queries from CLI sessions
Database error logs showing injection attempts

Network Indicators:

Unusual database traffic patterns from administrative systems

SIEM Query:

source="avaya_system_manager" AND (sql_query="*DROP*" OR sql_query="*UNION*" OR sql_query="*SELECT*FROM*users*")

📊 Metadata

CVE ID: CVE-2024-7477

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-89

Published: August 8, 2024

Last Updated: September 11, 2024

🔗 References

https://download.avaya.com/css/public/documents/101091159 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-7477, you might also want to check these: