Vulnerability Description
An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.253. A cross-site scripting (XSS) vulnerability in the search function of the management web interface allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Audiocodes | Mediant 500L-Msbr Firmware | >= f7.20a, <= f7.20a.253 |
| Audiocodes | Mediant 500L-Msbr | - |
| Audiocodes | Mediant 500-Mbsr Firmware | >= f7.20a, <= f7.20a.253 |
| Audiocodes | Mediant 500-Mbsr | - |
| Audiocodes | Mediant M800B-Msbr Firmware | >= f7.20a, <= f7.20a.253 |
| Audiocodes | Mediant M800B-Msbr | - |
| Audiocodes | Mediant 800C-Msbr Firmware | >= f7.20a, <= f7.20a.253 |
| Audiocodes | Mediant 800C-Msbr | - |
Related Weaknesses (CWE)
References
- https://www.cirosec.de/fileadmin/1._Unternehmen/1.4._Unsere_Kompetenzen/SecurityThird Party Advisory
- https://www.cirosec.de/fileadmin/1._Unternehmen/1.4._Unsere_Kompetenzen/SecurityThird Party Advisory
FAQ
What is CVE-2019-9230?
CVE-2019-9230 is a vulnerability with a CVSS score of 6.1 (MEDIUM). An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.253. A cross-site scripting (XSS) vulnerability in the searc...
How severe is CVE-2019-9230?
CVE-2019-9230 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-9230?
Check the references section above for vendor advisories and patch information. Affected products include: Audiocodes Mediant 500L-Msbr Firmware, Audiocodes Mediant 500L-Msbr, Audiocodes Mediant 500-Mbsr Firmware, Audiocodes Mediant 500-Mbsr, Audiocodes Mediant M800B-Msbr Firmware.