Details of VAR-201907-0311

ID

VAR-201907-0311

CVE

CVE-2019-9229

TITLE

plural AudioCodes Mediant Vulnerabilities related to certificate and password management in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-006943

DESCRIPTION

An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. An internal interface exposed to the link-local address 169.254.254.253 allows attackers in the local network to access multiple quagga VTYs. Attackers can authenticate with the default 1234 password that cannot be changed, and can execute malicious and unauthorized actions. plural AudioCodes Mediant The product contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AudioCodes Mediant 500L-MSBR and others are products of Israel's AudioCodes. AudioCodes Mediant 500L-MSBR is a 500L series integrated SOHO/SMB router. AudioCodes Mediant 500-MSBR is a 500 series integrated SOHO/SMB router. AudioCodes M800B-MSBR is an M800B series integrated SOHO/SMB router. A number of AudioCodes products have vulnerability management management issues. An attacker could exploit the vulnerability to attack an affected component using a default password or hard-coded password, hard-coded certificate, and so on

Trust: 2.16

sources: NVD: CVE-2019-9229 // JVNDB: JVNDB-2019-006943 // CNVD: CNVD-2019-32050

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-32050

AFFECTED PRODUCTS

vendor:	audiocodes	model:	median 500-msbr	scope:	gte	version:	f7.20a	Trust: 1.0
vendor:	audiocodes	model:	median 800c-msbr	scope:	gte	version:	f7.20a	Trust: 1.0
vendor:	audiocodes	model:	median 500l-msbr	scope:	gte	version:	f7.20a	Trust: 1.0
vendor:	audiocodes	model:	median 800c-msbr	scope:	lte	version:	f7.20a.251	Trust: 1.0
vendor:	audiocodes	model:	median 500l-msbr	scope:	lte	version:	f7.20a.251	Trust: 1.0
vendor:	audiocodes	model:	median m800b-msbr	scope:	lte	version:	f7.20a.251	Trust: 1.0
vendor:	audiocodes	model:	median 500-msbr	scope:	lte	version:	f7.20a.251	Trust: 1.0
vendor:	audiocodes	model:	median m800b-msbr	scope:	gte	version:	f7.20a	Trust: 1.0
vendor:	audiocodes	model:	mediant 500-mbsr	scope:	eq	version:	f7.20a to f7.20a.251	Trust: 0.8
vendor:	audiocodes	model:	mediant 500l-msbr	scope:	eq	version:	f7.20a to f7.20a.251	Trust: 0.8
vendor:	audiocodes	model:	mediant 800c-msbr	scope:	eq	version:	f7.20a to f7.20a.251	Trust: 0.8
vendor:	audiocodes	model:	mediant m800b-msbr	scope:	eq	version:	f7.20a to f7.20a.251	Trust: 0.8
vendor:	audiocodes	model:	mediant 500l-msbr >=f7.20a,<=f7.20a.251	scope:	-	version:	-	Trust: 0.6
vendor:	audiocodes	model:	mediant 500-mbsr >=f7.20a,<=f7.20a.251	scope:	-	version:	-	Trust: 0.6
vendor:	audiocodes	model:	mediant m800b-msbr >=f7.20a,<=f7.20a.251	scope:	-	version:	-	Trust: 0.6
vendor:	audiocodes	model:	mediant 800c-msbr >=f7.20a;,<=f7.20a.251	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2019-32050 // JVNDB: JVNDB-2019-006943 // NVD: CVE-2019-9229

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-9229
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-9229
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-32050
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201907-1146
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2019-9229
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-32050
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-9229
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-32050 // JVNDB: JVNDB-2019-006943 // CNNVD: CNNVD-201907-1146 // NVD: CVE-2019-9229

PROBLEMTYPE DATA

problemtype:	CWE-798	Trust: 1.0
problemtype:	CWE-255	Trust: 0.8

sources: JVNDB: JVNDB-2019-006943 // NVD: CVE-2019-9229

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201907-1146

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201907-1146

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006943

PATCH

title:	Multi-Service Business Routers (MSBRs)	url:	https://www.audiocodes.com/solutions-products/products/multi-service-business-routers-msbrs	Trust: 0.8
title:	Patches for multiple AudioCodes product trust management issues	url:	https://www.cnvd.org.cn/patchInfo/show/180693	Trust: 0.6
title:	Multiple AudioCodes Repair measures for product trust management problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95140	Trust: 0.6

sources: CNVD: CNVD-2019-32050 // JVNDB: JVNDB-2019-006943 // CNNVD: CNNVD-201907-1146

EXTERNAL IDS

db:	NVD	id:	CVE-2019-9229	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-006943	Trust: 0.8
db:	CNVD	id:	CNVD-2019-32050	Trust: 0.6
db:	CNNVD	id:	CNNVD-201907-1146	Trust: 0.6

sources: CNVD: CNVD-2019-32050 // JVNDB: JVNDB-2019-006943 // CNNVD: CNNVD-201907-1146 // NVD: CVE-2019-9229

REFERENCES

url:	https://www.cirosec.de/fileadmin/1._unternehmen/1.4._unsere_kompetenzen/security_advisory_audiocodes_mediant_family.pdf	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9229	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9229	Trust: 0.8

sources: CNVD: CNVD-2019-32050 // JVNDB: JVNDB-2019-006943 // CNNVD: CNNVD-201907-1146 // NVD: CVE-2019-9229

SOURCES

db:	CNVD	id:	CNVD-2019-32050
db:	JVNDB	id:	JVNDB-2019-006943
db:	CNNVD	id:	CNNVD-201907-1146
db:	NVD	id:	CVE-2019-9229

LAST UPDATE DATE

2024-11-23T22:58:38.856000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-32050	date:	2019-09-19T00:00:00
db:	JVNDB	id:	JVNDB-2019-006943	date:	2019-07-30T00:00:00
db:	CNNVD	id:	CNNVD-201907-1146	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-9229	date:	2024-11-21T04:51:15.413

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-32050	date:	2019-09-18T00:00:00
db:	JVNDB	id:	JVNDB-2019-006943	date:	2019-07-30T00:00:00
db:	CNNVD	id:	CNNVD-201907-1146	date:	2019-07-19T00:00:00
db:	NVD	id:	CVE-2019-9229	date:	2019-07-20T00:15:11.680