CVE-2019-9229

An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. An internal interface exposed to the link-local address 169.254.254.253 allows attackers in the local network to access multiple quagga VTYs. Attackers can authenticate with the default 1234 password that cannot be changed, and can execute malicious and unauthorized actions.

CVSS v3 8.8 HIGH
CVSS v2.0 5.8 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector : AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

5.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:A/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 6.5 / Impact : 6.4

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.cirosec.de/fileadmin/1._Unternehmen/1.4._Unsere_Kompetenzen/Security_Advisory_AudioCodes_Mediant_family.pdf	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:audiocodes:median_500l-msbr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:audiocodes:median_500l-msbr:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:audiocodes:median_500-msbr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:audiocodes:median_500-msbr:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:audiocodes:median_m800b-msbr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:audiocodes:median_m800b-msbr:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:audiocodes:median_800c-msbr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:audiocodes:median_800c-msbr:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-07-20 00:15

Updated : 2020-08-24 17:37

NVD link : CVE-2019-9229

Mitre link : CVE-2019-9229

CVE.ORG link : CVE-2019-9229

JSON object : View

Products Affected

audiocodes

median_500l-msbr_firmware
median_800c-msbr_firmware
median_500-msbr
median_800c-msbr
median_m800b-msbr_firmware
median_500-msbr_firmware
median_500l-msbr
median_m800b-msbr

CWE

CWE-798

Use of Hard-coded Credentials

{"id": "CVE-2019-9229", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2019-07-20T00:15:11.680", "references": [{"url": "https://www.cirosec.de/fileadmin/1._Unternehmen/1.4._Unsere_Kompetenzen/Security_Advisory_AudioCodes_Mediant_family.pdf", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. An internal interface exposed to the link-local address 169.254.254.253 allows attackers in the local network to access multiple quagga VTYs. Attackers can authenticate with the default 1234 password that cannot be changed, and can execute malicious and unauthorized actions."}, {"lang": "es", "value": "Se detect\u00f3 un problema en los dispositivos Mediant 500L-MSBR, 500-MBSR, M800B-MSBR y 800C-MSBR con versiones de firmware F7.20A hasta F7.20A.251 de AudioCodes. Una interfaz interna expuesta en la direcci\u00f3n local de enlace 169.254.254.253 permite a los atacantes en la red local acceder a varios VTYs de quagga. Los atacantes pueden autenticarse con la contrase\u00f1a por defecto 1234 que no puede ser cambiada y pueden ejecutar acciones maliciosas y no autorizadas."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:audiocodes:median_500l-msbr_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FABEE9F1-15BE-4652-BFBC-09EAA92C5280", "versionEndIncluding": "f7.20a.251", "versionStartIncluding": "f7.20a"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:audiocodes:median_500l-msbr:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1228A9BF-1C20-49A9-917A-20804AF739CB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:audiocodes:median_500-msbr_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7B29225-8777-4E0E-BC09-190D5C65E9E0", "versionEndIncluding": "f7.20a.251", "versionStartIncluding": "f7.20a"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:audiocodes:median_500-msbr:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9B7B3CB2-907E-40B8-A5A4-363F6B49B3EC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:audiocodes:median_m800b-msbr_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41BA6B49-5755-4057-9017-EAEBF1233A65", "versionEndIncluding": "f7.20a.251", "versionStartIncluding": "f7.20a"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:audiocodes:median_m800b-msbr:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CC2AEC67-FEE5-42A8-AB33-908FD4492BE3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:audiocodes:median_800c-msbr_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CCC16CB-B7F2-4F15-8E95-959743DFB7FF", "versionEndIncluding": "f7.20a.251", "versionStartIncluding": "f7.20a"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:audiocodes:median_800c-msbr:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "60642B30-DE57-4630-8236-05E71B785571"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}