Vulnerability-Lookup

CVE-2019-9230 (GCVE-0-2019-9230)

Vulnerability from cvelistv5 – Published: 2019-07-18 14:44 – Updated: 2024-08-04 21:38

Summary

Severity

6.1 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

Assigner

mitre

References

1 reference

URL	Tags
https://www.cirosec.de/fileadmin/1._Unternehmen/1…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:38:46.655Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cirosec.de/fileadmin/1._Unternehmen/1.4._Unsere_Kompetenzen/Security_Advisory_AudioCodes_Mediant_family.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.253. A cross-site scripting (XSS) vulnerability in the search function of the management web interface allows remote attackers to inject arbitrary web script or HTML via the keyword parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-18T14:44:41.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cirosec.de/fileadmin/1._Unternehmen/1.4._Unsere_Kompetenzen/Security_Advisory_AudioCodes_Mediant_family.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-9230",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.253. A cross-site scripting (XSS) vulnerability in the search function of the management web interface allows remote attackers to inject arbitrary web script or HTML via the keyword parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cirosec.de/fileadmin/1._Unternehmen/1.4._Unsere_Kompetenzen/Security_Advisory_AudioCodes_Mediant_family.pdf",
              "refsource": "MISC",
              "url": "https://www.cirosec.de/fileadmin/1._Unternehmen/1.4._Unsere_Kompetenzen/Security_Advisory_AudioCodes_Mediant_family.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-9230",
    "datePublished": "2019-07-18T14:44:41.000Z",
    "dateReserved": "2019-02-28T00:00:00.000Z",
    "dateUpdated": "2024-08-04T21:38:46.655Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2019-9230",
      "date": "2026-06-03",
      "epss": "0.00223",
      "percentile": "0.45044"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-9230\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-07-18T15:15:11.523\",\"lastModified\":\"2024-11-21T04:51:15.550\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.253. A cross-site scripting (XSS) vulnerability in the search function of the management web interface allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.\"},{\"lang\":\"es\",\"value\":\"Se descubri\u00f3 un problema en los dispositivos AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR y 800C-MSBR con versiones de firmware F7.20A a F7.20A.253. Una vulnerabilidad de los scripts entre sitios (XSS) en la funci\u00f3n de b\u00fasqueda de la interfaz web de administraci\u00f3n permite a los atacantes remotos inyectar scripts web o HTML a trav\u00e9s del par\u00e1metro de palabra clave.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:audiocodes:mediant_500l-msbr_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"f7.20a\",\"versionEndIncluding\":\"f7.20a.253\",\"matchCriteriaId\":\"06E7C8AE-B6F5-4257-9C60-3626B540A3D1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:audiocodes:mediant_500l-msbr:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C63D6D5E-5FDC-48D0-BB8A-5828241D2DB1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:audiocodes:mediant_500-mbsr_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"f7.20a\",\"versionEndIncluding\":\"f7.20a.253\",\"matchCriteriaId\":\"877EDC8C-B847-4257-8786-3F40078B40E7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:audiocodes:mediant_500-mbsr:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"449C4C26-69EE-451C-B6DB-4A2C763AB4DF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:audiocodes:mediant_m800b-msbr_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"f7.20a\",\"versionEndIncluding\":\"f7.20a.253\",\"matchCriteriaId\":\"DF18428D-5EC4-4CC9-BFE1-BC7391AEE2BA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:audiocodes:mediant_m800b-msbr:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B45E7C7F-AA75-4D7B-9883-904E875E84F7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:audiocodes:mediant_800c-msbr_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"f7.20a\",\"versionEndIncluding\":\"f7.20a.253\",\"matchCriteriaId\":\"0EB66227-D073-40B8-AC87-CB33B68ED552\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:audiocodes:mediant_800c-msbr:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77BE21C6-50FB-45AB-8D10-6ED83053BB0E\"}]}]}],\"references\":[{\"url\":\"https://www.cirosec.de/fileadmin/1._Unternehmen/1.4._Unsere_Kompetenzen/Security_Advisory_AudioCodes_Mediant_family.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cirosec.de/fileadmin/1._Unternehmen/1.4._Unsere_Kompetenzen/Security_Advisory_AudioCodes_Mediant_family.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

CNVD-2019-32046

Vulnerability from cnvd - Published: 2019-09-18

Title

多款AudioCodes产品跨站脚本漏洞

Description

AudioCodes Mediant 500L-MSBR等都是以色列AudioCodes公司的产品。AudioCodes Mediant 500L-MSBR是一款500L系列一体化SOHO/SMB路由器。AudioCodes Mediant 500-MSBR是一款500系列一体化SOHO/SMB路由器。AudioCodes M800B-MSBR是一款M800B系列一体化SOHO/SMB路由器。多款AudioCodes产品存在跨站脚本漏洞。攻击者可利用该漏洞执行客户端代码。

Severity

中

Patch Name

多款AudioCodes产品跨站脚本漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.audiocodes.com/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-9230

Impacted products

Name
['AudioCodes AudioCodes Mediant 500L-MSBR >=F7.20A，<=F7.20A.253', 'AudioCodes AudioCodes Mediant 500-MSBR >=F7.20A，<=F7.20A.253', 'AudioCodes AudioCodes M800B-MSBR >=F7.20，<=F7.20A.253', 'AudioCodes AudioCodes Mediant 800C-MSBR >=F7.20A，<=F7.20A.253']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-9230",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-9230"
    }
  },
  "description": "AudioCodes Mediant 500L-MSBR\u7b49\u90fd\u662f\u4ee5\u8272\u5217AudioCodes\u516c\u53f8\u7684\u4ea7\u54c1\u3002AudioCodes Mediant 500L-MSBR\u662f\u4e00\u6b3e500L\u7cfb\u5217\u4e00\u4f53\u5316SOHO/SMB\u8def\u7531\u5668\u3002AudioCodes Mediant 500-MSBR\u662f\u4e00\u6b3e500\u7cfb\u5217\u4e00\u4f53\u5316SOHO/SMB\u8def\u7531\u5668\u3002AudioCodes M800B-MSBR\u662f\u4e00\u6b3eM800B\u7cfb\u5217\u4e00\u4f53\u5316SOHO/SMB\u8def\u7531\u5668\u3002\n\n\u591a\u6b3eAudioCodes\u4ea7\u54c1\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u5ba2\u6237\u7aef\u4ee3\u7801\u3002",
  "discovererName": "Stefan Strobel\u0026Simon Winter",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.audiocodes.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-32046",
  "openTime": "2019-09-18",
  "patchDescription": "AudioCodes Mediant 500L-MSBR\u7b49\u90fd\u662f\u4ee5\u8272\u5217AudioCodes\u516c\u53f8\u7684\u4ea7\u54c1\u3002AudioCodes Mediant 500L-MSBR\u662f\u4e00\u6b3e500L\u7cfb\u5217\u4e00\u4f53\u5316SOHO/SMB\u8def\u7531\u5668\u3002AudioCodes Mediant 500-MSBR\u662f\u4e00\u6b3e500\u7cfb\u5217\u4e00\u4f53\u5316SOHO/SMB\u8def\u7531\u5668\u3002AudioCodes M800B-MSBR\u662f\u4e00\u6b3eM800B\u7cfb\u5217\u4e00\u4f53\u5316SOHO/SMB\u8def\u7531\u5668\u3002\r\n\r\n\u591a\u6b3eAudioCodes\u4ea7\u54c1\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u5ba2\u6237\u7aef\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eAudioCodes\u4ea7\u54c1\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "AudioCodes AudioCodes Mediant 500L-MSBR \u003e=F7.20A\uff0c\u003c=F7.20A.253",
      "AudioCodes AudioCodes Mediant 500-MSBR \u003e=F7.20A\uff0c\u003c=F7.20A.253",
      "AudioCodes AudioCodes M800B-MSBR \u003e=F7.20\uff0c\u003c=F7.20A.253",
      "AudioCodes AudioCodes Mediant 800C-MSBR \u003e=F7.20A\uff0c\u003c=F7.20A.253"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-9230",
  "serverity": "\u4e2d",
  "submitTime": "2019-07-22",
  "title": "\u591a\u6b3eAudioCodes\u4ea7\u54c1\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

FKIE_CVE-2019-9230

Vulnerability from fkie_nvd - Published: 2019-07-18 15:15 - Updated: 2024-11-21 04:51

Severity

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

	URL	Tags
	cve@mitre.org	https://www.cirosec.de/fileadmin/1._Unternehmen/1.4._Unsere_Kompetenzen/Security_Advisory_AudioCodes_Mediant_family.pdf	Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.cirosec.de/fileadmin/1._Unternehmen/1.4._Unsere_Kompetenzen/Security_Advisory_AudioCodes_Mediant_family.pdf	Third Party Advisory

Impacted products

Vendor	Product	Version
audiocodes	mediant_500l-msbr_firmware	*
audiocodes	mediant_500l-msbr	-
audiocodes	mediant_500-mbsr_firmware	*
audiocodes	mediant_500-mbsr	-
audiocodes	mediant_m800b-msbr_firmware	*
audiocodes	mediant_m800b-msbr	-
audiocodes	mediant_800c-msbr_firmware	*
audiocodes	mediant_800c-msbr	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:audiocodes:mediant_500l-msbr_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "06E7C8AE-B6F5-4257-9C60-3626B540A3D1",
              "versionEndIncluding": "f7.20a.253",
              "versionStartIncluding": "f7.20a",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:audiocodes:mediant_500l-msbr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C63D6D5E-5FDC-48D0-BB8A-5828241D2DB1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:audiocodes:mediant_500-mbsr_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "877EDC8C-B847-4257-8786-3F40078B40E7",
              "versionEndIncluding": "f7.20a.253",
              "versionStartIncluding": "f7.20a",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:audiocodes:mediant_500-mbsr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "449C4C26-69EE-451C-B6DB-4A2C763AB4DF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:audiocodes:mediant_m800b-msbr_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF18428D-5EC4-4CC9-BFE1-BC7391AEE2BA",
              "versionEndIncluding": "f7.20a.253",
              "versionStartIncluding": "f7.20a",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:audiocodes:mediant_m800b-msbr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B45E7C7F-AA75-4D7B-9883-904E875E84F7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:audiocodes:mediant_800c-msbr_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EB66227-D073-40B8-AC87-CB33B68ED552",
              "versionEndIncluding": "f7.20a.253",
              "versionStartIncluding": "f7.20a",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:audiocodes:mediant_800c-msbr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "77BE21C6-50FB-45AB-8D10-6ED83053BB0E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.253. A cross-site scripting (XSS) vulnerability in the search function of the management web interface allows remote attackers to inject arbitrary web script or HTML via the keyword parameter."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en los dispositivos AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR y 800C-MSBR con versiones de firmware F7.20A a F7.20A.253. Una vulnerabilidad de los scripts entre sitios (XSS) en la funci\u00f3n de b\u00fasqueda de la interfaz web de administraci\u00f3n permite a los atacantes remotos inyectar scripts web o HTML a trav\u00e9s del par\u00e1metro de palabra clave."
    }
  ],
  "id": "CVE-2019-9230",
  "lastModified": "2024-11-21T04:51:15.550",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-18T15:15:11.523",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.cirosec.de/fileadmin/1._Unternehmen/1.4._Unsere_Kompetenzen/Security_Advisory_AudioCodes_Mediant_family.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.cirosec.de/fileadmin/1._Unternehmen/1.4._Unsere_Kompetenzen/Security_Advisory_AudioCodes_Mediant_family.pdf"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-JW7J-W5XQ-5PG6

Vulnerability from github – Published: 2022-05-24 16:50 – Updated: 2024-04-04 01:18

Details

Severity

6.1 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-9230"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-18T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.253. A cross-site scripting (XSS) vulnerability in the search function of the management web interface allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.",
  "id": "GHSA-jw7j-w5xq-5pg6",
  "modified": "2024-04-04T01:18:48Z",
  "published": "2022-05-24T16:50:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9230"
    },
    {
      "type": "WEB",
      "url": "https://www.cirosec.de/fileadmin/1._Unternehmen/1.4._Unsere_Kompetenzen/Security_Advisory_AudioCodes_Mediant_family.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2019-9230

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-9230

Aliases

CVE-2019-9230

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-9230",
    "description": "An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.253. A cross-site scripting (XSS) vulnerability in the search function of the management web interface allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.",
    "id": "GSD-2019-9230"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-9230"
      ],
      "details": "An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.253. A cross-site scripting (XSS) vulnerability in the search function of the management web interface allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.",
      "id": "GSD-2019-9230",
      "modified": "2023-12-13T01:23:47.507469Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2019-9230",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.253. A cross-site scripting (XSS) vulnerability in the search function of the management web interface allows remote attackers to inject arbitrary web script or HTML via the keyword parameter."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.cirosec.de/fileadmin/1._Unternehmen/1.4._Unsere_Kompetenzen/Security_Advisory_AudioCodes_Mediant_family.pdf",
            "refsource": "MISC",
            "url": "https://www.cirosec.de/fileadmin/1._Unternehmen/1.4._Unsere_Kompetenzen/Security_Advisory_AudioCodes_Mediant_family.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:audiocodes:mediant_500l-msbr_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "f7.20a.253",
                    "versionStartIncluding": "f7.20a",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:audiocodes:mediant_500l-msbr:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:audiocodes:mediant_500-mbsr_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "f7.20a.253",
                    "versionStartIncluding": "f7.20a",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:audiocodes:mediant_500-mbsr:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:audiocodes:mediant_m800b-msbr_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "f7.20a.253",
                    "versionStartIncluding": "f7.20a",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:audiocodes:mediant_m800b-msbr:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:audiocodes:mediant_800c-msbr_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "f7.20a.253",
                    "versionStartIncluding": "f7.20a",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:audiocodes:mediant_800c-msbr:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-9230"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.253. A cross-site scripting (XSS) vulnerability in the search function of the management web interface allows remote attackers to inject arbitrary web script or HTML via the keyword parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cirosec.de/fileadmin/1._Unternehmen/1.4._Unsere_Kompetenzen/Security_Advisory_AudioCodes_Mediant_family.pdf",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.cirosec.de/fileadmin/1._Unternehmen/1.4._Unsere_Kompetenzen/Security_Advisory_AudioCodes_Mediant_family.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2019-07-29T13:22Z",
      "publishedDate": "2019-07-18T15:15Z"
    }
  }
}

VAR-201907-0312

Vulnerability from variot - Updated: 2024-11-23 21:52

An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.253. A cross-site scripting (XSS) vulnerability in the search function of the management web interface allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. plural AudioCodes Mediant The device firmware contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. AudioCodes Mediant 500L-MSBR and others are products of Israel's AudioCodes. AudioCodes Mediant 500L-MSBR is a 500L series integrated SOHO/SMB router. AudioCodes Mediant 500-MSBR is a 500 series integrated SOHO/SMB router. AudioCodes M800B-MSBR is an M800B series integrated SOHO/SMB router. A cross-site scripting vulnerability exists in several AudioCodes products. An attacker could exploit the vulnerability to execute client code

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0312",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mediant m800b-msbr",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "audiocodes",
        "version": "f7.20a.253"
      },
      {
        "model": "mediant 500-mbsr",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "audiocodes",
        "version": "f7.20a.253"
      },
      {
        "model": "mediant 500l-msbr",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "audiocodes",
        "version": "f7.20a.253"
      },
      {
        "model": "mediant 500-mbsr",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "audiocodes",
        "version": "f7.20a"
      },
      {
        "model": "mediant m800b-msbr",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "audiocodes",
        "version": "f7.20a"
      },
      {
        "model": "mediant 800c-msbr",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "audiocodes",
        "version": "f7.20a.253"
      },
      {
        "model": "mediant 800c-msbr",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "audiocodes",
        "version": "f7.20a"
      },
      {
        "model": "mediant 500l-msbr",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "audiocodes",
        "version": "f7.20a"
      },
      {
        "model": "mediant 500-mbsr",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "audiocodes",
        "version": "f7.20a to  f7.20a.253"
      },
      {
        "model": "mediant 500l-msbr",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "audiocodes",
        "version": "f7.20a to  f7.20a.253"
      },
      {
        "model": "mediant 800c-msbr",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "audiocodes",
        "version": "f7.20a to  f7.20a.253"
      },
      {
        "model": "mediant m800b-msbr",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "audiocodes",
        "version": "f7.20a to  f7.20a.253"
      },
      {
        "model": "mediant 500l-msbr \u003e=f7.20a,\u003c=f7.20a.253",
        "scope": null,
        "trust": 0.6,
        "vendor": "audiocodes",
        "version": null
      },
      {
        "model": "mediant 500-msbr \u003e=f7.20a,\u003c=f7.20a.253",
        "scope": null,
        "trust": 0.6,
        "vendor": "audiocodes",
        "version": null
      },
      {
        "model": "m800b-msbr \u003e=f7.20,\u003c=f7.20a.253",
        "scope": null,
        "trust": 0.6,
        "vendor": "audiocodes",
        "version": null
      },
      {
        "model": "mediant 800c-msbr \u003e=f7.20a,\u003c=f7.20a.253",
        "scope": null,
        "trust": 0.6,
        "vendor": "audiocodes",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-32046"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007069"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9230"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:audiocodes:mediant_500-mbsr_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:audiocodes:mediant_500l-msbr_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:audiocodes:mediant_800c-msbr_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:audiocodes:mediant_m800b-msbr_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007069"
      }
    ]
  },
  "cve": "CVE-2019-9230",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2019-9230",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2019-32046",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2019-9230",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-9230",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-9230",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-32046",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201907-1063",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-32046"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007069"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1063"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9230"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.253. A cross-site scripting (XSS) vulnerability in the search function of the management web interface allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. plural AudioCodes Mediant The device firmware contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. AudioCodes Mediant 500L-MSBR and others are products of Israel\u0027s AudioCodes. AudioCodes Mediant 500L-MSBR is a 500L series integrated SOHO/SMB router. AudioCodes Mediant 500-MSBR is a 500 series integrated SOHO/SMB router. AudioCodes M800B-MSBR is an M800B series integrated SOHO/SMB router. A cross-site scripting vulnerability exists in several AudioCodes products. An attacker could exploit the vulnerability to execute client code",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-9230"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007069"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-32046"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-9230",
        "trust": 3.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007069",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-32046",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1063",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-32046"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007069"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1063"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9230"
      }
    ]
  },
  "id": "VAR-201907-0312",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-32046"
      }
    ],
    "trust": 1.375
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-32046"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:52:08.354000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Multi-Service Business Routers (MSBRs)",
        "trust": 0.8,
        "url": "https://www.audiocodes.com/solutions-products/products/multi-service-business-routers-msbrs"
      },
      {
        "title": "Patches for cross-site scripting vulnerabilities in several AudioCodes products",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/180695"
      },
      {
        "title": "Multiple AudioCodes Fixes for product cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95084"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-32046"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007069"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1063"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007069"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9230"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://www.cirosec.de/fileadmin/1._unternehmen/1.4._unsere_kompetenzen/security_advisory_audiocodes_mediant_family.pdf"
      },
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9230"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9230"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-32046"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007069"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1063"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9230"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-32046"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007069"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1063"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9230"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-09-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-32046"
      },
      {
        "date": "2019-07-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-007069"
      },
      {
        "date": "2019-07-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-1063"
      },
      {
        "date": "2019-07-18T15:15:11.523000",
        "db": "NVD",
        "id": "CVE-2019-9230"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-09-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-32046"
      },
      {
        "date": "2019-07-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-007069"
      },
      {
        "date": "2019-07-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-1063"
      },
      {
        "date": "2024-11-21T04:51:15.550000",
        "db": "NVD",
        "id": "CVE-2019-9230"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1063"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  AudioCodes Mediant Cross-site scripting vulnerability in device firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007069"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1063"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-9230 (GCVE-0-2019-9230)

CNVD-2019-32046

FKIE_CVE-2019-9230

GHSA-JW7J-W5XQ-5PG6

GSD-2019-9230

VAR-201907-0312

Tags

Sightings

Nomenclature