Sign-up

ID

VAR-201904-0705


CVE

CVE-2018-16219


TITLE

AudioCodes 405HD VoIP phone Firmware authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-015340

DESCRIPTION

A missing password verification in the web interface in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an remote attacker (in the same network as the device) to change the admin password without authentication via a POST request. AudioCodes 405HD VoIP phone There are authentication vulnerabilities in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AudioCodes 405HD VoIP Phone is an IP phone product of Israel AudioCodes company

Trust: 1.71

sources: NVD: CVE-2018-16219 // JVNDB: JVNDB-2018-015340 // VULHUB: VHN-126556

AFFECTED PRODUCTS

vendor:audiocodesmodel:405hdscope:eqversion:2.2.12

Trust: 1.8

sources: JVNDB: JVNDB-2018-015340 // NVD: CVE-2018-16219

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-16219
value: HIGH

Trust: 1.0

NVD: CVE-2018-16219
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-1190
value: HIGH

Trust: 0.6

VULHUB: VHN-126556
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-16219
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-126556
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-16219
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-126556 // JVNDB: JVNDB-2018-015340 // CNNVD: CNNVD-201904-1190 // NVD: CVE-2018-16219

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-126556 // JVNDB: JVNDB-2018-015340 // NVD: CVE-2018-16219

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201904-1190

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201904-1190

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015340

PATCH
title:405HD IP Phoneurl:https://www.audiocodes.com/solutions-products/products/ip-phones/405hd-ip-phone
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-015340

EXTERNAL IDS
db:NVDid:CVE-2018-16219
Trust: 2.5
db:JVNDBid:JVNDB-2018-015340
Trust: 0.8
db:CNNVDid:CNNVD-201904-1190
Trust: 0.7
db:VULHUBid:VHN-126556
Trust: 0.1
sources:
            
            
            VULHUB: VHN-126556 // 
            
            
            
            JVNDB: JVNDB-2018-015340 // 
            
            
            
            CNNVD: CNNVD-201904-1190 // 
            
            
            
            NVD: CVE-2018-16219

REFERENCES
url:https://www.sit.fraunhofer.de/fileadmin/dokumente/cve/advisory_audiocodes_405hd.pdf
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2018-16219
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16219
Trust: 0.8
sources:
            
            
            VULHUB: VHN-126556 // 
            
            
            
            JVNDB: JVNDB-2018-015340 // 
            
            
            
            CNNVD: CNNVD-201904-1190 // 
            
            
            
            NVD: CVE-2018-16219

SOURCES
db:VULHUBid:VHN-126556
db:JVNDBid:JVNDB-2018-015340
db:CNNVDid:CNNVD-201904-1190
db:NVDid:CVE-2018-16219

LAST UPDATE DATE
2024-11-23T22:55:37.526000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-126556date:2019-04-26T00:00:00
db:JVNDBid:JVNDB-2018-015340date:2019-05-28T00:00:00
db:CNNVDid:CNNVD-201904-1190date:2019-04-28T00:00:00
db:NVDid:CVE-2018-16219date:2024-11-21T03:52:18.327

SOURCES RELEASE DATE
db:VULHUBid:VHN-126556date:2019-04-25T00:00:00
db:JVNDBid:JVNDB-2018-015340date:2019-05-28T00:00:00
db:CNNVDid:CNNVD-201904-1190date:2019-04-25T00:00:00
db:NVDid:CVE-2018-16219date:2019-04-25T20:29:01.850