Vulnerability Description
An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MSBR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. An internal interface exposed on the link-local address 169.254.254.253 allows attackers in the local network to access multiple Quagga VTYs. Attackers can authenticate with the default password 1234, which cannot be changed, and can then execute malicious and unauthorized actions.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| AudioCodes | Mediant 500L-MSBR Firmware | >= f7.20a, <= f7.20a.251 |
| AudioCodes | Mediant 500L-MSBR | - |
| AudioCodes | Mediant 500-MSBR Firmware | >= f7.20a, <= f7.20a.251 |
| AudioCodes | Mediant 500-MSBR | - |
| AudioCodes | Mediant M800B-MSBR Firmware | >= f7.20a, <= f7.20a.251 |
| AudioCodes | Mediant M800B-MSBR | - |
| AudioCodes | Mediant 800C-MSBR Firmware | >= f7.20a, <= f7.20a.251 |
| AudioCodes | Mediant 800C-MSBR | - |
References
- https://www.cirosec.de/fileadmin/1._Unternehmen/1.4._Unsere_Kompetenzen/Security (Third Party Advisory)
FAQ
What is CVE-2019-9229?
CVE-2019-9229 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MSBR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. An internal interface exposed to the link-local address...
How severe is CVE-2019-9229?
CVE-2019-9229 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-9229?
Check the references section above for vendor advisories and patch information. Affected products include: AudioCodes Mediant 500L-MSBR Firmware, AudioCodes Mediant 500L-MSBR, AudioCodes Mediant 500-MSBR Firmware, AudioCodes Mediant 500-MSBR, AudioCodes Mediant M800B-MSBR Firmware.