Creation of Temporary File With Insecure Permissions

CVE-2021-25654

Medium

6.2/10

Summary

An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. Affects 7.0 through 8.1.4.0 versions of Avaya Aura Device Services.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: LOW

CWE-378 - Creation of Temporary File With Insecure Permissions

Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.

References

Advisory Timeline

Published Jun 25, 2021

Creation of Temporary File With Insecure Permissions

CVE-2021-25654

Summary

CWE-378 - Creation of Temporary File With Insecure Permissions

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS