CVE-2019-9228 - An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices

CVE-2019-9228

Summary

An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A at least to 7.20A.252.062. The (1) management SSH and (2) management TELNET features allow remote attackers to cause a denial of service (connection slot exhaustion) via 5 unauthenticated connection attempts, because the maximum number of unauthenticated clients that can be configured is 5. NOTE: the vendor's position is that this is a "design choice.

References

https://www.cirosec.de/fileadmin/1._Unternehmen/1.4._Unsere_Kompetenzen/Security_Advisory_AudioCodes_Mediant_family.pdf

Vulnerable Configurations

cpe:2.3:o:audiocodes:median_500l-msbr_firmware:f7.20a:*:*:*:*:*:*:*
cpe:2.3:o:audiocodes:median_500l-msbr_firmware:f7.20a:*:*:*:*:*:*:*
cpe:2.3:o:audiocodes:median_500l-msbr_firmware:f7.20a.251:*:*:*:*:*:*:*
cpe:2.3:o:audiocodes:median_500l-msbr_firmware:f7.20a.251:*:*:*:*:*:*:*
cpe:2.3:o:audiocodes:median_500l-msbr_firmware:f7.20a.252.062:*:*:*:*:*:*:*
cpe:2.3:o:audiocodes:median_500l-msbr_firmware:f7.20a.252.062:*:*:*:*:*:*:*
cpe:2.3:h:audiocodes:median_500l-msbr:-:*:*:*:*:*:*:*
cpe:2.3:h:audiocodes:median_500l-msbr:-:*:*:*:*:*:*:*
cpe:2.3:o:audiocodes:median_500-msbr_firmware:f7.20a:*:*:*:*:*:*:*
cpe:2.3:o:audiocodes:median_500-msbr_firmware:f7.20a:*:*:*:*:*:*:*
cpe:2.3:o:audiocodes:median_500-msbr_firmware:f7.20a.251:*:*:*:*:*:*:*
cpe:2.3:o:audiocodes:median_500-msbr_firmware:f7.20a.251:*:*:*:*:*:*:*
cpe:2.3:o:audiocodes:median_500-msbr_firmware:f7.20a.252.062:*:*:*:*:*:*:*
cpe:2.3:o:audiocodes:median_500-msbr_firmware:f7.20a.252.062:*:*:*:*:*:*:*
cpe:2.3:h:audiocodes:median_500-msbr:-:*:*:*:*:*:*:*
cpe:2.3:h:audiocodes:median_500-msbr:-:*:*:*:*:*:*:*
cpe:2.3:o:audiocodes:median_m800b-msbr_firmware:f7.20a:*:*:*:*:*:*:*
cpe:2.3:o:audiocodes:median_m800b-msbr_firmware:f7.20a:*:*:*:*:*:*:*
cpe:2.3:o:audiocodes:median_m800b-msbr_firmware:f7.20a.251:*:*:*:*:*:*:*
cpe:2.3:o:audiocodes:median_m800b-msbr_firmware:f7.20a.251:*:*:*:*:*:*:*
cpe:2.3:o:audiocodes:median_m800b-msbr_firmware:f7.20a.252.062:*:*:*:*:*:*:*
cpe:2.3:o:audiocodes:median_m800b-msbr_firmware:f7.20a.252.062:*:*:*:*:*:*:*
cpe:2.3:h:audiocodes:median_m800b-msbr:-:*:*:*:*:*:*:*
cpe:2.3:h:audiocodes:median_m800b-msbr:-:*:*:*:*:*:*:*
cpe:2.3:o:audiocodes:median_800c-msbr_firmware:f7.20a:*:*:*:*:*:*:*
cpe:2.3:o:audiocodes:median_800c-msbr_firmware:f7.20a:*:*:*:*:*:*:*
cpe:2.3:o:audiocodes:median_800c-msbr_firmware:f7.20a.251:*:*:*:*:*:*:*
cpe:2.3:o:audiocodes:median_800c-msbr_firmware:f7.20a.251:*:*:*:*:*:*:*
cpe:2.3:o:audiocodes:median_800c-msbr_firmware:f7.20a.252.062:*:*:*:*:*:*:*
cpe:2.3:o:audiocodes:median_800c-msbr_firmware:f7.20a.252.062:*:*:*:*:*:*:*
cpe:2.3:h:audiocodes:median_800c-msbr:-:*:*:*:*:*:*:*
cpe:2.3:h:audiocodes:median_800c-msbr:-:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 11-04-2024 - 01:06)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

misc

https://www.cirosec.de/fileadmin/1._Unternehmen/1.4._Unsere_Kompetenzen/Security_Advisory_AudioCodes_Mediant_family.pdf

Last major update

11-04-2024 - 01:06

Published

19-07-2019 - 23:15

Last modified

11-04-2024 - 01:06