CVE-2019-20030 - OpenCVE

An attacker with knowledge of the modem access number on a NEC UM8000 voicemail system may use SSH tunneling or standard Linux utilities to gain access to the system's LAN port. All versions are affected.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Nec	Um8000 Um8000 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:nec:um8000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:um8000:-:*:*:*:*:*:*:*

References

Link	Resource
https://shadytel.su/files/nec_cve.txt	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-07-29T17:29:58

Updated: 2020-07-29T17:29:58

Reserved: 2019-12-27T00:00:00

Link: CVE-2019-20030

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-07-29T18:15:13.657

Modified: 2020-08-03T19:43:41.203

Link: CVE-2019-20030

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nec:um8000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A2A1D915-BEBE-4C38-9362-CD42D368E376", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nec:um8000:-:*:*:*:*:*:*:*", "matchCriteriaId": "AB18A6B9-5C17-4DB1-80B0-C6E1AE055F64", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An attacker with knowledge of the modem access number on a NEC UM8000 voicemail system may use SSH tunneling or standard Linux utilities to gain access to the system's LAN port. All versions are affected."}, {"lang": "es", "value": "Un atacante con conocimiento del n\u00famero de acceso al m\u00f3dem en un sistema de correo de voz de NEC UM8000 puede usar t\u00faneles SSH o utilidades est\u00e1ndar de Linux para obtener acceso al puerto LAN del sistema. Todas las versiones est\u00e1n afectadas"}], "id": "CVE-2019-20030", "lastModified": "2020-08-03T19:43:41.203", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-29T18:15:13.657", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://shadytel.su/files/nec_cve.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}