PT-2019-19452 · Audiocodes+1 · Audiocodes Mediant+1
Published
2019-07-19
·
Updated
2020-08-24
·
CVE-2019-9229
CVSS v3.1
8.8
High
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
AudioCodes Mediant devices versions F7.20A through F7.20A.251
Description
An issue was discovered that allows attackers in the local network to access multiple quagga VTYs through an internal interface exposed to the link-local address 169.254.254.253. Attackers can authenticate with the default
password that cannot be changed, and can execute malicious and unauthorized actions.Recommendations
For AudioCodes Mediant devices versions F7.20A through F7.20A.251, consider changing the default
password to a unique and secure one, and restrict access to the internal interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Audiocodes Mediant
Quagga