VAR-201907-0311
Vulnerability from variot - Updated: 2024-11-23 22:58An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. An internal interface exposed to the link-local address 169.254.254.253 allows attackers in the local network to access multiple quagga VTYs. Attackers can authenticate with the default 1234 password that cannot be changed, and can execute malicious and unauthorized actions. plural AudioCodes Mediant The product contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AudioCodes Mediant 500L-MSBR and others are products of Israel's AudioCodes. AudioCodes Mediant 500L-MSBR is a 500L series integrated SOHO/SMB router. AudioCodes Mediant 500-MSBR is a 500 series integrated SOHO/SMB router. AudioCodes M800B-MSBR is an M800B series integrated SOHO/SMB router. A number of AudioCodes products have vulnerability management management issues. An attacker could exploit the vulnerability to attack an affected component using a default password or hard-coded password, hard-coded certificate, and so on
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-0311",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "median 500-msbr",
"scope": "gte",
"trust": 1.0,
"vendor": "audiocodes",
"version": "f7.20a"
},
{
"model": "median 800c-msbr",
"scope": "gte",
"trust": 1.0,
"vendor": "audiocodes",
"version": "f7.20a"
},
{
"model": "median 500l-msbr",
"scope": "gte",
"trust": 1.0,
"vendor": "audiocodes",
"version": "f7.20a"
},
{
"model": "median 800c-msbr",
"scope": "lte",
"trust": 1.0,
"vendor": "audiocodes",
"version": "f7.20a.251"
},
{
"model": "median 500l-msbr",
"scope": "lte",
"trust": 1.0,
"vendor": "audiocodes",
"version": "f7.20a.251"
},
{
"model": "median m800b-msbr",
"scope": "lte",
"trust": 1.0,
"vendor": "audiocodes",
"version": "f7.20a.251"
},
{
"model": "median 500-msbr",
"scope": "lte",
"trust": 1.0,
"vendor": "audiocodes",
"version": "f7.20a.251"
},
{
"model": "median m800b-msbr",
"scope": "gte",
"trust": 1.0,
"vendor": "audiocodes",
"version": "f7.20a"
},
{
"model": "mediant 500-mbsr",
"scope": "eq",
"trust": 0.8,
"vendor": "audiocodes",
"version": "f7.20a to f7.20a.251"
},
{
"model": "mediant 500l-msbr",
"scope": "eq",
"trust": 0.8,
"vendor": "audiocodes",
"version": "f7.20a to f7.20a.251"
},
{
"model": "mediant 800c-msbr",
"scope": "eq",
"trust": 0.8,
"vendor": "audiocodes",
"version": "f7.20a to f7.20a.251"
},
{
"model": "mediant m800b-msbr",
"scope": "eq",
"trust": 0.8,
"vendor": "audiocodes",
"version": "f7.20a to f7.20a.251"
},
{
"model": "mediant 500l-msbr \u003e=f7.20a,\u003c=f7.20a.251",
"scope": null,
"trust": 0.6,
"vendor": "audiocodes",
"version": null
},
{
"model": "mediant 500-mbsr \u003e=f7.20a,\u003c=f7.20a.251",
"scope": null,
"trust": 0.6,
"vendor": "audiocodes",
"version": null
},
{
"model": "mediant m800b-msbr \u003e=f7.20a,\u003c=f7.20a.251",
"scope": null,
"trust": 0.6,
"vendor": "audiocodes",
"version": null
},
{
"model": "mediant 800c-msbr \u003e=f7.20a;,\u003c=f7.20a.251",
"scope": null,
"trust": 0.6,
"vendor": "audiocodes",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-32050"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006943"
},
{
"db": "NVD",
"id": "CVE-2019-9229"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:audiocodes:mediant_500-mbsr_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:audiocodes:mediant_500l-msbr_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:audiocodes:mediant_800c-msbr_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:audiocodes:mediant_m800b-msbr_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006943"
}
]
},
"cve": "CVE-2019-9229",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2019-9229",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2019-32050",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-9229",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-9229",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-9229",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-32050",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-1146",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-32050"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006943"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1146"
},
{
"db": "NVD",
"id": "CVE-2019-9229"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. An internal interface exposed to the link-local address 169.254.254.253 allows attackers in the local network to access multiple quagga VTYs. Attackers can authenticate with the default 1234 password that cannot be changed, and can execute malicious and unauthorized actions. plural AudioCodes Mediant The product contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AudioCodes Mediant 500L-MSBR and others are products of Israel\u0027s AudioCodes. AudioCodes Mediant 500L-MSBR is a 500L series integrated SOHO/SMB router. AudioCodes Mediant 500-MSBR is a 500 series integrated SOHO/SMB router. AudioCodes M800B-MSBR is an M800B series integrated SOHO/SMB router. A number of AudioCodes products have vulnerability management management issues. An attacker could exploit the vulnerability to attack an affected component using a default password or hard-coded password, hard-coded certificate, and so on",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9229"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006943"
},
{
"db": "CNVD",
"id": "CNVD-2019-32050"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-9229",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006943",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-32050",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1146",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-32050"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006943"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1146"
},
{
"db": "NVD",
"id": "CVE-2019-9229"
}
]
},
"id": "VAR-201907-0311",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-32050"
}
],
"trust": 1.2625
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-32050"
}
]
},
"last_update_date": "2024-11-23T22:58:38.856000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Multi-Service Business Routers (MSBRs)",
"trust": 0.8,
"url": "https://www.audiocodes.com/solutions-products/products/multi-service-business-routers-msbrs"
},
{
"title": "Patches for multiple AudioCodes product trust management issues",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/180693"
},
{
"title": "Multiple AudioCodes Repair measures for product trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95140"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-32050"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006943"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1146"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "CWE-255",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006943"
},
{
"db": "NVD",
"id": "CVE-2019-9229"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.cirosec.de/fileadmin/1._unternehmen/1.4._unsere_kompetenzen/security_advisory_audiocodes_mediant_family.pdf"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9229"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9229"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-32050"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006943"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1146"
},
{
"db": "NVD",
"id": "CVE-2019-9229"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-32050"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006943"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1146"
},
{
"db": "NVD",
"id": "CVE-2019-9229"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-32050"
},
{
"date": "2019-07-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006943"
},
{
"date": "2019-07-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-1146"
},
{
"date": "2019-07-20T00:15:11.680000",
"db": "NVD",
"id": "CVE-2019-9229"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-32050"
},
{
"date": "2019-07-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006943"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-1146"
},
{
"date": "2024-11-21T04:51:15.413000",
"db": "NVD",
"id": "CVE-2019-9229"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-1146"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural AudioCodes Mediant Vulnerabilities related to certificate and password management in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006943"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-1146"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…