Main Vulnerability Database SB2019072008

SB2019072008 - Use of hard-coded credentials in AudioCodes Mediant 800C-MSBR

Published: July 20, 2019 Updated: July 23, 2019

Security Bulletin ID SB2019072008

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Adjecent network

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Use of hard-coded credentials (CVE-ID: CVE-2019-9229)

The vulnerability allows a local attacker to gain full access to vulnerable system.

The vulnerability exists due to presence of hard-coded credentials in an internal interface, which is exposed to the link-local address 169.254.254.253. A local unauthenticated attacker can access multiple quagga VTYs with the default password "1234" that cannot be changed and execute malicious and unauthorized actions.

Remediation

Install update from vendor's website.

References

https://www.cirosec.de/fileadmin/1._Unternehmen/1.4._Unsere_Kompetenzen/Security_Advisory_AudioCodes_Mediant_family.pdf