NVD Vulnerability Detail

CVE-2019-7006

Summary	Avaya one-X Communicator uses weak cryptographic algorithms in the client authentication component that could allow a local attacker to decrypt sensitive information. Affected versions include all 6.2.x versions prior to 6.2 SP13.
Publication Date	Feb. 27, 2019, 9:29 a.m.
Registration Date	Jan. 26, 2021, 11:44 a.m.
Last Update	Nov. 21, 2024, 1:47 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:avaya:one-x_communicator:6.2:sp1::::::
cpe:2.3:a:avaya:one-x_communicator:6.2:sp2::::::
cpe:2.3:a:avaya:one-x_communicator:6.2:fp3::::::
cpe:2.3:a:avaya:one-x_communicator:6.2:fp4::::::
cpe:2.3:a:avaya:one-x_communicator:6.2:sp5::::::
cpe:2.3:a:avaya:one-x_communicator:6.2:fp6::::::
cpe:2.3:a:avaya:one-x_communicator:6.2:sp7::::::
cpe:2.3:a:avaya:one-x_communicator:6.2:fp10::::::
cpe:2.3:a:avaya:one-x_communicator:6.2:sp12::::::
cpe:2.3:a:avaya:one-x_communicator:6.2:-::::::

Related information, measures and tools

No	URL	タグ
1	http://www.securityfocus.com/bid/107175	Third Party Advisory VDB Entry
2	https://downloads.avaya.com/css/P8/documents/101055601	Release Notes Vendor Advisory
3	https://downloads.avaya.com/css/P8/documents/101055661	Vendor Advisory
4	http://www.securityfocus.com/bid/107175	Third Party Advisory VDB Entry
5	https://downloads.avaya.com/css/P8/documents/101055661	Vendor Advisory
6	https://downloads.avaya.com/css/P8/documents/101055601	Release Notes Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-327	不完全、または危険な暗号アルゴリズムの使用	https://cwe.mitre.org/data/definitions/327.html

JVN Vulnerability Information

Avaya one-X Communicator における暗号に関する脆弱性

Title	Avaya one-X Communicator における暗号に関する脆弱性
Summary	Avaya one-X Communicator には、暗号に関する脆弱性が存在します。
Possible impacts	情報を取得される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Feb. 8, 2019, midnight
Registration Date	April 2, 2019, 3 p.m.
Last Update	April 2, 2019, 3 p.m.

Affected System

アバイア

Avaya one-X Communicator 6.2 SP13 未満の 6.2.x

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2019-7006	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7006
2	CVE-2019-7006	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7006
National Vulnerability Database (NVD)
3	CVE-2019-7006	https://nvd.nist.gov/vuln/detail/CVE-2019-7006
4	CVE-2019-7006	https://nvd.nist.gov/vuln/detail/CVE-2019-7006

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-310	https://jvndb.jvn.jp/ja/cwe/CWE-310.html
2	CWE-310	https://jvndb.jvn.jp/ja/cwe/CWE-310.html

ベンダー情報

No	Name	URL
AVAYA
1	Avaya one-X Communicator Release 6.2 SP13	https://downloads.avaya.com/css/P8/documents/101055601
2	Avaya one-X Communicator Release 6.2 SP13	https://downloads.avaya.com/css/P8/documents/101055601
3	one-X Communicator Weak Encryption Vulnerability (CVE-2019-7006)	https://downloads.avaya.com/css/P8/documents/101055661
4	one-X Communicator Weak Encryption Vulnerability (CVE-2019-7006)	https://downloads.avaya.com/css/P8/documents/101055661

Change Log

No	Changed Details	Date of change
1	[2019年04月02日] 掲載	April 2, 2019, 3 p.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:avaya:one-x_communicator:6.2:sp1::::::
cpe:2.3:a:avaya:one-x_communicator:6.2:sp2::::::
cpe:2.3:a:avaya:one-x_communicator:6.2:fp3::::::
cpe:2.3:a:avaya:one-x_communicator:6.2:fp4::::::
cpe:2.3:a:avaya:one-x_communicator:6.2:sp5::::::
cpe:2.3:a:avaya:one-x_communicator:6.2:fp6::::::
cpe:2.3:a:avaya:one-x_communicator:6.2:sp7::::::
cpe:2.3:a:avaya:one-x_communicator:6.2:fp10::::::
cpe:2.3:a:avaya:one-x_communicator:6.2:sp12::::::
cpe:2.3:a:avaya:one-x_communicator:6.2:-::::::