CVE-2019-9231

Published Jul 18, 2019

Last updated 6 years ago

CVSS high 8.8

Overview

Description: An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions before 7.20A.202.307. A Cross-Site Request Forgery (CSRF) vulnerability in the management web interface allows remote attackers to execute malicious and unauthorized actions, because CSRFProtection=1 is not a default and is not documented.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-352

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:audiocodes:mediant_500l-msbr_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0415DF0B-2809-4309-8253-B64200766A78",
            "versionEndExcluding": "f7.20a.202.307",
            "versionStartIncluding": "f7.20a"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:audiocodes:mediant_500l-msbr:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C63D6D5E-5FDC-48D0-BB8A-5828241D2DB1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:audiocodes:mediant_500-mbsr_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06EA50D0-037D-4BE2-9B63-14F56F6DC28B",
            "versionEndExcluding": "f7.20a.202.307",
            "versionStartIncluding": "f7.20a"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:audiocodes:mediant_500-mbsr:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "449C4C26-69EE-451C-B6DB-4A2C763AB4DF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:audiocodes:mediant_m800b-msbr_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA610D8F-BD2B-4872-BFC7-FEB72253D876",
            "versionEndExcluding": "f7.20a.202.307",
            "versionStartIncluding": "f7.20a"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:audiocodes:mediant_m800b-msbr:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B45E7C7F-AA75-4D7B-9883-904E875E84F7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:audiocodes:mediant_800c-msbr_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0226418-529D-453F-925B-BF98CECEBC85",
            "versionEndExcluding": "f7.20a.202.307",
            "versionStartIncluding": "f7.20a"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:audiocodes:mediant_800c-msbr:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "77BE21C6-50FB-45AB-8D10-6ED83053BB0E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References