CVE-2019-9231

Name of the Vulnerable Software and Affected Versions AudioCodes Mediant devices versions prior to 7.20A.202.307

Description A Cross-Site Request Forgery (CSRF) issue in the management web interface allows remote attackers to execute malicious and unauthorized actions. This is because CSRFProtection=1 is not a default setting and is not documented, leaving the interface vulnerable to such attacks.

Recommendations For versions prior to 7.20A.202.307, update the firmware to version 7.20A.202.307 or later to resolve the issue. As a temporary workaround, consider setting CSRFProtection=1 to enable CSRF protection, if possible, until a patch is applied.