VAR-201907-0312

Vulnerability from variot - Updated: 2024-11-23 21:52

An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.253. A cross-site scripting (XSS) vulnerability in the search function of the management web interface allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. The firmware of multiple AudioCodes Mediant devices contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. AudioCodes Mediant 500L-MSBR and others are products of Israel's AudioCodes. AudioCodes Mediant 500L-MSBR is a 500L series integrated SOHO/SMB router. AudioCodes Mediant 500-MSBR is a 500 series integrated SOHO/SMB router. AudioCodes M800B-MSBR is an M800B series integrated SOHO/SMB router. A cross-site scripting vulnerability exists in several AudioCodes products. An attacker could exploit the vulnerability to execute client-side code in a user's browser.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0312",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mediant m800b-msbr",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "audiocodes",
        "version": "f7.20a.253"
      },
      {
        "model": "mediant 500-mbsr",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "audiocodes",
        "version": "f7.20a.253"
      },
      {
        "model": "mediant 500l-msbr",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "audiocodes",
        "version": "f7.20a.253"
      },
      {
        "model": "mediant 500-mbsr",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "audiocodes",
        "version": "f7.20a"
      },
      {
        "model": "mediant m800b-msbr",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "audiocodes",
        "version": "f7.20a"
      },
      {
        "model": "mediant 800c-msbr",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "audiocodes",
        "version": "f7.20a.253"
      },
      {
        "model": "mediant 800c-msbr",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "audiocodes",
        "version": "f7.20a"
      },
      {
        "model": "mediant 500l-msbr",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "audiocodes",
        "version": "f7.20a"
      },
      {
        "model": "mediant 500-mbsr",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "audiocodes",
        "version": "f7.20a to  f7.20a.253"
      },
      {
        "model": "mediant 500l-msbr",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "audiocodes",
        "version": "f7.20a to  f7.20a.253"
      },
      {
        "model": "mediant 800c-msbr",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "audiocodes",
        "version": "f7.20a to  f7.20a.253"
      },
      {
        "model": "mediant m800b-msbr",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "audiocodes",
        "version": "f7.20a to  f7.20a.253"
      },
      {
        "model": "mediant 500l-msbr \u003e=f7.20a,\u003c=f7.20a.253",
        "scope": null,
        "trust": 0.6,
        "vendor": "audiocodes",
        "version": null
      },
      {
        "model": "mediant 500-msbr \u003e=f7.20a,\u003c=f7.20a.253",
        "scope": null,
        "trust": 0.6,
        "vendor": "audiocodes",
        "version": null
      },
      {
        "model": "m800b-msbr \u003e=f7.20,\u003c=f7.20a.253",
        "scope": null,
        "trust": 0.6,
        "vendor": "audiocodes",
        "version": null
      },
      {
        "model": "mediant 800c-msbr \u003e=f7.20a,\u003c=f7.20a.253",
        "scope": null,
        "trust": 0.6,
        "vendor": "audiocodes",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-32046"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007069"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9230"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:audiocodes:mediant_500-mbsr_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:audiocodes:mediant_500l-msbr_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:audiocodes:mediant_800c-msbr_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:audiocodes:mediant_m800b-msbr_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007069"
      }
    ]
  },
  "cve": "CVE-2019-9230",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2019-9230",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2019-32046",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2019-9230",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-9230",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-9230",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-32046",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201907-1063",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-32046"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007069"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1063"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9230"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.253. A cross-site scripting (XSS) vulnerability in the search function of the management web interface allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. plural AudioCodes Mediant The device firmware contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. AudioCodes Mediant 500L-MSBR and others are products of Israel\u0027s AudioCodes. AudioCodes Mediant 500L-MSBR is a 500L series integrated SOHO/SMB router. AudioCodes Mediant 500-MSBR is a 500 series integrated SOHO/SMB router. AudioCodes M800B-MSBR is an M800B series integrated SOHO/SMB router. A cross-site scripting vulnerability exists in several AudioCodes products. An attacker could exploit the vulnerability to execute client code",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-9230"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007069"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-32046"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-9230",
        "trust": 3.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007069",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-32046",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1063",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-32046"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007069"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1063"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9230"
      }
    ]
  },
  "id": "VAR-201907-0312",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-32046"
      }
    ],
    "trust": 1.375
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-32046"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:52:08.354000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Multi-Service Business Routers (MSBRs)",
        "trust": 0.8,
        "url": "https://www.audiocodes.com/solutions-products/products/multi-service-business-routers-msbrs"
      },
      {
        "title": "Patches for cross-site scripting vulnerabilities in several AudioCodes products",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/180695"
      },
      {
        "title": "Multiple AudioCodes Fixes for product cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95084"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-32046"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007069"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1063"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007069"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9230"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://www.cirosec.de/fileadmin/1._unternehmen/1.4._unsere_kompetenzen/security_advisory_audiocodes_mediant_family.pdf"
      },
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9230"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9230"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-32046"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007069"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1063"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9230"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-32046"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007069"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1063"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9230"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-09-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-32046"
      },
      {
        "date": "2019-07-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-007069"
      },
      {
        "date": "2019-07-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-1063"
      },
      {
        "date": "2019-07-18T15:15:11.523000",
        "db": "NVD",
        "id": "CVE-2019-9230"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-09-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-32046"
      },
      {
        "date": "2019-07-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-007069"
      },
      {
        "date": "2019-07-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-1063"
      },
      {
        "date": "2024-11-21T04:51:15.550000",
        "db": "NVD",
        "id": "CVE-2019-9230"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1063"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  AudioCodes Mediant Cross-site scripting vulnerability in device firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007069"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1063"
      }
    ],
    "trust": 0.6
  }
}

