Vulnerability Description
An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MSBR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A through at least 7.20A.252.062. The (1) management SSH and (2) management TELNET features allow remote attackers to cause a denial of service (connection slot exhaustion) via 5 unauthenticated connection attempts, because the maximum number of unauthenticated clients that can be configured is 5. NOTE: the vendor's position is that this is a "design choice."
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| AudioCodes | Mediant 500L-MSBR Firmware | >= f7.20a, <= f7.20a.252.062 |
| AudioCodes | Mediant 500L-MSBR | - |
| AudioCodes | Mediant 500-MSBR Firmware | >= f7.20a, <= f7.20a.252.062 |
| AudioCodes | Mediant 500-MSBR | - |
| AudioCodes | Mediant M800B-MSBR Firmware | >= f7.20a, <= f7.20a.252.062 |
| AudioCodes | Mediant M800B-MSBR | - |
| AudioCodes | Mediant 800C-MSBR Firmware | >= f7.20a, <= f7.20a.252.062 |
| AudioCodes | Mediant 800C-MSBR | - |
References
- https://www.cirosec.de/fileadmin/1._Unternehmen/1.4._Unsere_Kompetenzen/Security (Third Party Advisory)
FAQ
What is CVE-2019-9228?
CVE-2019-9228 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MSBR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A through at least 7.20A.252.062. The (1) management SSH and (2) management T...
How severe is CVE-2019-9228?
CVE-2019-9228 has been rated HIGH with a CVSS base score of 7.5/10.
Is there a patch for CVE-2019-9228?
Check the references section above for vendor advisories and patch information. Affected products include: AudioCodes Mediant 500L-MSBR Firmware, AudioCodes Mediant 500L-MSBR, AudioCodes Mediant 500-MSBR Firmware, AudioCodes Mediant 500-MSBR, AudioCodes Mediant M800B-MSBR Firmware.