CVE-2019-20031 — CRITICAL (9.1)

Vulnerability Description

NEC UM8000, UM4730 and prior non-InMail voicemail systems with all known software versions may permit an infinite number of login attempts in the telephone user interface (TUI), effectively allowing brute force attacks.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Nec	Um8000 Firmware	All versions
Nec	Um8000	-
Nec	Um4730 Firmware	All versions
Nec	Um4730	-

Related Weaknesses (CWE)

CWE-307

References

https://shadytel.su/files/nec_cve.txtThird Party Advisory
https://shadytel.su/files/nec_cve.txtThird Party Advisory

FAQ

What is CVE-2019-20031?

CVE-2019-20031 is a vulnerability with a CVSS score of 9.1 (CRITICAL). NEC UM8000, UM4730 and prior non-InMail voicemail systems with all known software versions may permit an infinite number of login attempts in the telephone user interface (TUI), effectively allowing b...

How severe is CVE-2019-20031?

CVE-2019-20031 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-20031?

Check the references section above for vendor advisories and patch information. Affected products include: Nec Um8000 Firmware, Nec Um8000, Nec Um4730 Firmware, Nec Um4730.