PT-2020-10320 · Nec · Sv9100+4
Published
2020-07-29
·
Updated
2020-08-04
·
CVE-2019-20027
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
NEC PBXes versions 7.0 and higher
Description
The issue concerns NEC PBXes, including the SV8100, SV9100, SL1100, and SL2100, where if incorrectly configured, a blank
username and password combination can be entered as a valid account, successfully authenticating.Recommendations
For versions 7.0 and higher, ensure proper configuration to prevent the acceptance of blank username and password combinations as valid authentication credentials.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nec Pbxes
Sl1100
Sl2100
Sv8100
Sv9100