8.8

CVE-2019-9229

EPSS 0.1%
Veröffentlicht 20.07.2019 00:15:11
Zuletzt bearbeitet 21.11.2024 04:51:15
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. An internal interface exposed to the link-local address 169.254.254.253 allows attackers in the local network to access multiple quagga VTYs. Attackers can authenticate with the default 1234 password that cannot be changed, and can execute malicious and unauthorized actions.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Audiocodes ≫ Median 500l-msbr Firmware Version >= f7.20a <= f7.20a.251

Audiocodes ≫ Median 500l-msbr Version-

Audiocodes ≫ Median 500-msbr Firmware Version >= f7.20a <= f7.20a.251

Audiocodes ≫ Median 500-msbr Version-

Audiocodes ≫ Median M800b-msbr Firmware Version >= f7.20a <= f7.20a.251

Audiocodes ≫ Median M800b-msbr Version-

Audiocodes ≫ Median 800c-msbr Firmware Version >= f7.20a <= f7.20a.251

Audiocodes ≫ Median 800c-msbr Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.252

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	5.8	6.5	6.4	AV:A/AC:L/Au:N/C:P/I:P/A:P

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://www.cirosec.de/fileadmin/1._Unternehmen/1.4._Unsere_Kompetenzen/Security_Advisory_AudioCodes_Mediant_family.pdf

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-9229

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-9229

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-9229

EUVD