CSV injection in Avaya Call Management System (CMS). CVE-2023-3527
Hi All, I was able to identify CVS injection vulnerability in Avaya Call Management System (CMS). Avaya Call Management System (CMS) is an integrated analysis and reporting solution that keeps you in touch with virtually everything that’s going on in your contact center from evaluating the performance of a single agent or group of agents to managing a contact center with multiple locations worldwide. During the security assessment of CMS Supervisor Web application, i noted that whole section of "Administration" has a feature to download the content in CSV format. Any malicious user can inject malicious CSV payload, which will be executed if the admin downloads the csv report and opens it. The Excel will ask the admin to enable the content, since the report is downloaded from trusted source he will click on enable which will execute the content. Vulnerability and Fixed: Vulnerability Name : CMS is vulnerable to CSV Injection Assigned CVE: CVE-2023-3527 ASA Number: ASA