ID

VAR-201907-0312


CVE

CVE-2019-9230


TITLE

Cross-site scripting vulnerability in the firmware of multiple AudioCodes Mediant devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-007069

DESCRIPTION

An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.253. A cross-site scripting (XSS) vulnerability in the search function of the management web interface allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. The firmware of multiple AudioCodes Mediant devices contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. AudioCodes Mediant 500L-MSBR and others are products of Israel's AudioCodes. AudioCodes Mediant 500L-MSBR is a 500L series integrated SOHO/SMB router. AudioCodes Mediant 500-MSBR is a 500 series integrated SOHO/SMB router. AudioCodes M800B-MSBR is an M800B series integrated SOHO/SMB router. A cross-site scripting vulnerability exists in several AudioCodes products. An attacker could exploit the vulnerability to execute client code

Trust: 2.16

sources: NVD: CVE-2019-9230 // JVNDB: JVNDB-2019-007069 // CNVD: CNVD-2019-32046

IOT TAXONOMY

category: ['ICS', 'Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-32046

AFFECTED PRODUCTS

vendor: audiocodes | model: mediant m800b-msbr | scope: lte | version: f7.20a.253

Trust: 1.0

vendor: audiocodes | model: mediant 500-mbsr | scope: lte | version: f7.20a.253

Trust: 1.0

vendor: audiocodes | model: mediant 500l-msbr | scope: lte | version: f7.20a.253

Trust: 1.0

vendor: audiocodes | model: mediant 500-mbsr | scope: gte | version: f7.20a

Trust: 1.0

vendor: audiocodes | model: mediant m800b-msbr | scope: gte | version: f7.20a

Trust: 1.0

vendor: audiocodes | model: mediant 800c-msbr | scope: lte | version: f7.20a.253

Trust: 1.0

vendor: audiocodes | model: mediant 800c-msbr | scope: gte | version: f7.20a

Trust: 1.0

vendor: audiocodes | model: mediant 500l-msbr | scope: gte | version: f7.20a

Trust: 1.0

vendor: audiocodes | model: mediant 500-mbsr | scope: eq | version: f7.20a to f7.20a.253

Trust: 0.8

vendor: audiocodes | model: mediant 500l-msbr | scope: eq | version: f7.20a to f7.20a.253

Trust: 0.8

vendor: audiocodes | model: mediant 800c-msbr | scope: eq | version: f7.20a to f7.20a.253

Trust: 0.8

vendor: audiocodes | model: mediant m800b-msbr | scope: eq | version: f7.20a to f7.20a.253

Trust: 0.8

vendor: audiocodes | model: mediant 500l-msbr >=f7.20a,<=f7.20a.253 | scope: - | version: -

Trust: 0.6

vendor: audiocodes | model: mediant 500-msbr >=f7.20a,<=f7.20a.253 | scope: - | version: -

Trust: 0.6

vendor: audiocodes | model: m800b-msbr >=f7.20,<=f7.20a.253 | scope: - | version: -

Trust: 0.6

vendor: audiocodes | model: mediant 800c-msbr >=f7.20a,<=f7.20a.253 | scope: - | version: -

Trust: 0.6

sources: CNVD: CNVD-2019-32046 // JVNDB: JVNDB-2019-007069 // NVD: CVE-2019-9230

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-9230
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-9230
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-32046
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201907-1063
value: MEDIUM

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2019-9230
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-32046
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2019-9230
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-32046 // JVNDB: JVNDB-2019-007069 // CNNVD: CNNVD-201907-1063 // NVD: CVE-2019-9230

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2019-007069 // NVD: CVE-2019-9230

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-1063

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201907-1063

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007069

PATCH

title: Multi-Service Business Routers (MSBRs) | url: https://www.audiocodes.com/solutions-products/products/multi-service-business-routers-msbrs

Trust: 0.8

title: Patches for cross-site scripting vulnerabilities in several AudioCodes products | url: https://www.cnvd.org.cn/patchInfo/show/180695

Trust: 0.6

title: Fixes for cross-site scripting vulnerabilities in multiple AudioCodes products | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95084

Trust: 0.6

sources: CNVD: CNVD-2019-32046 // JVNDB: JVNDB-2019-007069 // CNNVD: CNNVD-201907-1063

EXTERNAL IDS

db: NVD | id: CVE-2019-9230

Trust: 3.0

db: JVNDB | id: JVNDB-2019-007069

Trust: 0.8

db: CNVD | id: CNVD-2019-32046

Trust: 0.6

db: CNNVD | id: CNNVD-201907-1063

Trust: 0.6

sources: CNVD: CNVD-2019-32046 // JVNDB: JVNDB-2019-007069 // CNNVD: CNNVD-201907-1063 // NVD: CVE-2019-9230

REFERENCES

url:https://www.cirosec.de/fileadmin/1._unternehmen/1.4._unsere_kompetenzen/security_advisory_audiocodes_mediant_family.pdf

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-9230

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9230

Trust: 0.8

sources: CNVD: CNVD-2019-32046 // JVNDB: JVNDB-2019-007069 // CNNVD: CNNVD-201907-1063 // NVD: CVE-2019-9230

SOURCES

db: CNVD | id: CNVD-2019-32046
db: JVNDB | id: JVNDB-2019-007069
db: CNNVD | id: CNNVD-201907-1063
db: NVD | id: CVE-2019-9230

LAST UPDATE DATE

2024-11-23T21:52:08.354000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2019-32046 | date: 2019-09-19T00:00:00
db: JVNDB | id: JVNDB-2019-007069 | date: 2019-07-31T00:00:00
db: CNNVD | id: CNNVD-201907-1063 | date: 2019-07-30T00:00:00
db: NVD | id: CVE-2019-9230 | date: 2024-11-21T04:51:15.550

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2019-32046 | date: 2019-09-18T00:00:00
db: JVNDB | id: JVNDB-2019-007069 | date: 2019-07-31T00:00:00
db: CNNVD | id: CNNVD-201907-1063 | date: 2019-07-18T00:00:00
db: NVD | id: CVE-2019-9230 | date: 2019-07-18T15:15:11.523