CVE-2019-9229

Published Jul 20, 2019

Last updated 4 years ago

Overview

Description: An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. An internal interface exposed to the link-local address 169.254.254.253 allows attackers in the local network to access multiple quagga VTYs. Attackers can authenticate with the default 1234 password that cannot be changed, and can execute malicious and unauthorized actions.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5.8
Impact score: 6.4
Exploitability score: 6.5
Vector string: AV:A/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-798

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:audiocodes:median_500l-msbr_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FABEE9F1-15BE-4652-BFBC-09EAA92C5280",
            "versionEndIncluding": "f7.20a.251",
            "versionStartIncluding": "f7.20a"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:audiocodes:median_500l-msbr:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1228A9BF-1C20-49A9-917A-20804AF739CB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:audiocodes:median_500-msbr_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D7B29225-8777-4E0E-BC09-190D5C65E9E0",
            "versionEndIncluding": "f7.20a.251",
            "versionStartIncluding": "f7.20a"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:audiocodes:median_500-msbr:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9B7B3CB2-907E-40B8-A5A4-363F6B49B3EC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:audiocodes:median_m800b-msbr_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41BA6B49-5755-4057-9017-EAEBF1233A65",
            "versionEndIncluding": "f7.20a.251",
            "versionStartIncluding": "f7.20a"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:audiocodes:median_m800b-msbr:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CC2AEC67-FEE5-42A8-AB33-908FD4492BE3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:audiocodes:median_800c-msbr_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5CCC16CB-B7F2-4F15-8E95-959743DFB7FF",
            "versionEndIncluding": "f7.20a.251",
            "versionStartIncluding": "f7.20a"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:audiocodes:median_800c-msbr:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "60642B30-DE57-4630-8236-05E71B785571"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References