Use of hard-coded credentials in AudioCodes Mediant 800C-MSBR

1) Use of hard-coded credentials

EUVDB-ID: #VU19307

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-9229

CWE-ID: CWE-798 - Use of Hard-coded Credentials

Exploit availability: No

Description

The vulnerability allows a local attacker to gain full access to vulnerable system.

The vulnerability exists due to presence of hard-coded credentials in an internal interface, which is exposed to the link-local address 169.254.254.253. A local unauthenticated attacker can access multiple quagga VTYs with the default password "1234" that cannot be changed and execute malicious and unauthorized actions.

 

Mitigation

Install updates from vendor's website.

Vulnerable software versions

AudioCodes Mediant 800C-MSBR: F7.20A - F7.20A.251

AudioCodes Mediant M800B-MSBR: F7.20A - F7.20A.251

AudioCodes Mediant 500-MBSR: F7.20A - F7.20A.251

AudioCodes Mediant 500L-MSBR: F7.20A - F7.20A.251

AudioCodes Mediant 500L-MSBR: before

External links

http://www.cirosec.de/fileadmin/1._Unternehmen/1.4._Unsere_Kompetenzen/Security_Advisory_AudioCodes_Mediant_family.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.