PT-2019-19452 · Audiocodes+1 · Audiocodes Mediant+1
Publicado
2019-07-19
·
Atualizado
2020-08-24
·
CVE-2019-9229
CVSS v3.1
8.8
Alta
| Vetor | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
AudioCodes Mediant devices versions F7.20A through F7.20A.251
Description
An issue was discovered that allows attackers in the local network to access multiple quagga VTYs through an internal interface exposed to the link-local address 169.254.254.253. Attackers can authenticate with the default
password that cannot be changed, and can execute malicious and unauthorized actions.Recommendations
For AudioCodes Mediant devices versions F7.20A through F7.20A.251, consider changing the default
password to a unique and secure one, and restrict access to the internal interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.Correção
Using Hardcoded Credentials
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Audiocodes Mediant
Quagga