Vulnerability Description
An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions before 7.20A.202.307. A Cross-Site Request Forgery (CSRF) vulnerability in the management web interface allows remote attackers to execute malicious and unauthorized actions, because the CSRFProtection=1 setting is not enabled by default and is not documented.
CVSS Score
8.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| AudioCodes | Mediant 500L-MSBR Firmware | >= f7.20a, < f7.20a.202.307 |
| AudioCodes | Mediant 500L-MSBR | - |
| AudioCodes | Mediant 500-MBSR Firmware | >= f7.20a, < f7.20a.202.307 |
| AudioCodes | Mediant 500-MBSR | - |
| AudioCodes | Mediant M800B-MSBR Firmware | >= f7.20a, < f7.20a.202.307 |
| AudioCodes | Mediant M800B-MSBR | - |
| AudioCodes | Mediant 800C-MSBR Firmware | >= f7.20a, < f7.20a.202.307 |
| AudioCodes | Mediant 800C-MSBR | - |
Related Weaknesses (CWE)
References
- https://www.cirosec.de/fileadmin/1._Unternehmen/1.4._Unsere_Kompetenzen/Security (Third Party Advisory)
FAQ
What is CVE-2019-9231?
CVE-2019-9231 is a vulnerability with a CVSS score of 8.8 (HIGH).
How severe is CVE-2019-9231?
CVE-2019-9231 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-9231?
Check the references section above for vendor advisories and patch information. Affected products include: AudioCodes Mediant 500L-MSBR Firmware, AudioCodes Mediant 500L-MSBR, AudioCodes Mediant 500-MBSR Firmware, AudioCodes Mediant 500-MBSR, AudioCodes Mediant M800B-MSBR Firmware.