PT-2020-10324 · Nec · Nec Non-Inmail Voicemail Systems+2
Published
2020-07-29
·
Updated
2020-08-03
·
CVE-2019-20031
CVSS v2.0
6.4
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
NEC UM8000 versions all known software versions
NEC UM4730 versions all known software versions
NEC non-InMail voicemail systems versions all known software versions
Description
The issue allows for an infinite number of login attempts in the telephone user interface, effectively enabling brute force attacks.
Recommendations
For NEC UM8000, consider restricting access to the telephone user interface until a fix is available.
For NEC UM4730, consider restricting access to the telephone user interface until a fix is available.
For NEC non-InMail voicemail systems, consider restricting access to the telephone user interface until a fix is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Restriction of Excessive Authentication Attempts
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nec Um4730
Nec Um8000
Nec Non-Inmail Voicemail Systems