CVE-2019-9229 - OpenCVE

An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. An internal interface exposed to the link-local address 169.254.254.253 allows attackers in the local network to access multiple quagga VTYs. Attackers can authenticate with the default 1234 password that cannot be changed, and can execute malicious and unauthorized actions.

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:A/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Audiocodes	Median 500l-msbr Firmware Median 500-msbr Median 500-msbr Firmware Median 800c-msbr Median M800b-msbr Firmware Median 800c-msbr Firmware Median M800b-msbr Median 500l-msbr

Configuration 1 [-]

AND

cpe:2.3:o:audiocodes:median_500l-msbr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:audiocodes:median_500l-msbr:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:audiocodes:median_500-msbr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:audiocodes:median_500-msbr:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:audiocodes:median_m800b-msbr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:audiocodes:median_m800b-msbr:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:audiocodes:median_800c-msbr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:audiocodes:median_800c-msbr:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.cirosec.de/fileadmin/1._Unternehmen/1.4._Unsere_Kompetenzen/Security_Advisory_AudioCodes_Mediant_family.pdf	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-07-19T23:05:22

Updated: 2019-07-19T23:05:22

Reserved: 2019-02-28T00:00:00

Link: CVE-2019-9229

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-07-20T00:15:11.680

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-9229

JSON object: View

Redhat Information

No data.

CWE

CWE-798

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. An internal interface exposed to the link-local address 169.254.254.253 allows attackers in the local network to access multiple quagga VTYs. Attackers can authenticate with the default 1234 password that cannot be changed, and can execute malicious and unauthorized actions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-07-19T23:05:22", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.cirosec.de/fileadmin/1._Unternehmen/1.4._Unsere_Kompetenzen/Security_Advisory_AudioCodes_Mediant_family.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9229", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. An internal interface exposed to the link-local address 169.254.254.253 allows attackers in the local network to access multiple quagga VTYs. Attackers can authenticate with the default 1234 password that cannot be changed, and can execute malicious and unauthorized actions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.cirosec.de/fileadmin/1._Unternehmen/1.4._Unsere_Kompetenzen/Security_Advisory_AudioCodes_Mediant_family.pdf", "refsource": "MISC", "url": "https://www.cirosec.de/fileadmin/1._Unternehmen/1.4._Unsere_Kompetenzen/Security_Advisory_AudioCodes_Mediant_family.pdf"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-9229", "datePublished": "2019-07-19T23:05:22", "dateReserved": "2019-02-28T00:00:00", "dateUpdated": "2019-07-19T23:05:22", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:audiocodes:median_500l-msbr_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FABEE9F1-15BE-4652-BFBC-09EAA92C5280", "versionEndIncluding": "f7.20a.251", "versionStartIncluding": "f7.20a", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:audiocodes:median_500l-msbr:-:*:*:*:*:*:*:*", "matchCriteriaId": "1228A9BF-1C20-49A9-917A-20804AF739CB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:audiocodes:median_500-msbr_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7B29225-8777-4E0E-BC09-190D5C65E9E0", "versionEndIncluding": "f7.20a.251", "versionStartIncluding": "f7.20a", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:audiocodes:median_500-msbr:-:*:*:*:*:*:*:*", "matchCriteriaId": "9B7B3CB2-907E-40B8-A5A4-363F6B49B3EC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:audiocodes:median_m800b-msbr_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "41BA6B49-5755-4057-9017-EAEBF1233A65", "versionEndIncluding": "f7.20a.251", "versionStartIncluding": "f7.20a", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:audiocodes:median_m800b-msbr:-:*:*:*:*:*:*:*", "matchCriteriaId": "CC2AEC67-FEE5-42A8-AB33-908FD4492BE3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:audiocodes:median_800c-msbr_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CCC16CB-B7F2-4F15-8E95-959743DFB7FF", "versionEndIncluding": "f7.20a.251", "versionStartIncluding": "f7.20a", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:audiocodes:median_800c-msbr:-:*:*:*:*:*:*:*", "matchCriteriaId": "60642B30-DE57-4630-8236-05E71B785571", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. An internal interface exposed to the link-local address 169.254.254.253 allows attackers in the local network to access multiple quagga VTYs. Attackers can authenticate with the default 1234 password that cannot be changed, and can execute malicious and unauthorized actions."}, {"lang": "es", "value": "Se detect\u00f3 un problema en los dispositivos Mediant 500L-MSBR, 500-MBSR, M800B-MSBR y 800C-MSBR con versiones de firmware F7.20A hasta F7.20A.251 de AudioCodes. Una interfaz interna expuesta en la direcci\u00f3n local de enlace 169.254.254.253 permite a los atacantes en la red local acceder a varios VTYs de quagga. Los atacantes pueden autenticarse con la contrase\u00f1a por defecto 1234 que no puede ser cambiada y pueden ejecutar acciones maliciosas y no autorizadas."}], "id": "CVE-2019-9229", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-20T00:15:11.680", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.cirosec.de/fileadmin/1._Unternehmen/1.4._Unsere_Kompetenzen/Security_Advisory_AudioCodes_Mediant_family.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}