CVE-2019-20028 — HIGH (7.5)

Vulnerability Description

Aspire-derived NEC PBXes operating InMail software, including all versions of SV8100, SV9100, SL1100 and SL2100 devices allow unauthenticated read-only access to voicemails, greetings, and voice response system content through a system's WebPro administration interface.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Nec	Sv8100 Firmware	All versions
Nec	Sv8100	-
Nec	Sv9100 Firmware	All versions
Nec	Sv9100	-
Nec	Sl1100 Firmware	All versions
Nec	Sl1100	-
Nec	Sl2100 Firmware	All versions
Nec	Sl2100	-

References

https://shadytel.su/files/nec_cve.txtThird Party Advisory
https://shadytel.su/files/nec_cve.txtThird Party Advisory

FAQ

What is CVE-2019-20028?

CVE-2019-20028 is a vulnerability with a CVSS score of 7.5 (HIGH). Aspire-derived NEC PBXes operating InMail software, including all versions of SV8100, SV9100, SL1100 and SL2100 devices allow unauthenticated read-only access to voicemails, greetings, and voice respo...

How severe is CVE-2019-20028?

CVE-2019-20028 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-20028?

Check the references section above for vendor advisories and patch information. Affected products include: Nec Sv8100 Firmware, Nec Sv8100, Nec Sv9100 Firmware, Nec Sv9100, Nec Sl1100 Firmware.