Avaya Aura AES

Avaya patched a high severity vulnerability in the Aura Application Enablement Services (AES) product versions 6.3.1, 6.3.2, 6.3.3, and 7.x. This vulnerability could allow a remote threat actor to gain privileged user access to the AES server by using specially crafted messages. The NJCCIC recommends administrators review the Avaya advisory, and those running Aura AES version 6.3.1, 6.3.2, and 6.3.3 install Super Patch 7 and apply the AES 6.3.3.7 security hotfix. Those running version 7.0.x should update to 7.0.1, install Super Patch 4, and apply the EAS 6.3.3.7 security hotfix. Lastly, those running version 7.1 should apply the AES 7.1.0.0.0 security hotfix as specified in the Avaya Product Support Notice.