Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-3722 PoC — Avaya Aura Device Services Remote Code Execution

Source
https://github.com/pizza-power/CVE-2023-3722
Associated Vulnerability
Title:Avaya Aura Device Services Remote Code Execution (CVE-2023-3722)
Description:An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and earlier.
Description
Python POC for CVE-2023-3722 Avaya Aura Device Services Unrestricted File Upload RCE
Readme
# CVE-2023-3722
Python POC for CVE-2023-3722 Avaya Aura Device Services Unrestricted File Upload RCE. 

This script will use a `PUT` request to upload a php file with an eight-digit randomly generated filename. Then it will make a `GET` request to retrieve this file and parse the output to get the command output. 


## Running

```
python3 ./CVE-2023-3722.py example.com:444 --query "id"
```

```
python3 ./CVE-2023-3722.py example.com:444 --query "hostname"

```
File Snapshot

 [4.0K]  /data/pocs/f4060457db80f369ab4e6048d5079725858f0ebd
├── [2.5K]  CVE-2023-3722.py
└── [ 467]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →