← Back

CVE-2019-9229

nvd nist
Published: Jul 20, 2019Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. An internal interface exposed to the link-local address 169.254.254.253 allows attackers in the local network to access multiple quagga VTYs. Attackers can authenticate with the default 1234 password that cannot be changed, and can execute malicious and unauthorized actions.

Affected (4)

Audiocodes
4 products
Median 500l Msbr Firmware
Median 500 Msbr Firmware
Median M800b Msbr Firmware
Median 800c Msbr Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Median 500l Msbr Firmware
From f7.20a to f7.20a.251
Running on/withPlatform Versions
Audiocodes
Median 500l Msbr
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Median 500 Msbr Firmware
From f7.20a to f7.20a.251
Running on/withPlatform Versions
Audiocodes
Median 500 Msbr
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Median M800b Msbr Firmware
From f7.20a to f7.20a.251
Running on/withPlatform Versions
Audiocodes
Median M800b Msbr
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Median 800c Msbr Firmware
From f7.20a to f7.20a.251
Running on/withPlatform Versions
Audiocodes
Median 800c Msbr
All versions

Related CWEs

CWE-798
Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.