CVE-2019-9230

Published Jul 18, 2019

Last updated 6 years ago

CVSS medium 6.1

Overview

Description: An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.253. A cross-site scripting (XSS) vulnerability in the search function of the management web interface allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:audiocodes:mediant_500l-msbr_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06E7C8AE-B6F5-4257-9C60-3626B540A3D1",
            "versionEndIncluding": "f7.20a.253",
            "versionStartIncluding": "f7.20a"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:audiocodes:mediant_500l-msbr:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C63D6D5E-5FDC-48D0-BB8A-5828241D2DB1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:audiocodes:mediant_500-mbsr_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "877EDC8C-B847-4257-8786-3F40078B40E7",
            "versionEndIncluding": "f7.20a.253",
            "versionStartIncluding": "f7.20a"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:audiocodes:mediant_500-mbsr:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "449C4C26-69EE-451C-B6DB-4A2C763AB4DF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:audiocodes:mediant_m800b-msbr_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF18428D-5EC4-4CC9-BFE1-BC7391AEE2BA",
            "versionEndIncluding": "f7.20a.253",
            "versionStartIncluding": "f7.20a"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:audiocodes:mediant_m800b-msbr:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B45E7C7F-AA75-4D7B-9883-904E875E84F7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:audiocodes:mediant_800c-msbr_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0EB66227-D073-40B8-AC87-CB33B68ED552",
            "versionEndIncluding": "f7.20a.253",
            "versionStartIncluding": "f7.20a"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:audiocodes:mediant_800c-msbr:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "77BE21C6-50FB-45AB-8D10-6ED83053BB0E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References