CVE-2019-9231
Last modified
CVE-2019-9231 is a vulnerability of currently unknown severity. An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions before 7.20A.202.307. A Cross-Site Request Forgery (CSRF) vulnerability in the management web interface allows remote attackers to execute malicious and unauthorized actions, because CSRFProtection=1 is not a default and is not documented.. EPSS estimates a 0.74% chance of exploitation in the next 30 days.
Description
An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions before 7.20A.202.307. A Cross-Site Request Forgery (CSRF) vulnerability in the management web interface allows remote attackers to execute malicious and unauthorized actions, because CSRFProtection=1 is not a default and is not documented.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Audiocodes | Mediant 500l-Msbr Firmware | >= f7.20a, < f7.20a.202.307 |
| Audiocodes | Mediant 500-Mbsr Firmware | >= f7.20a, < f7.20a.202.307 |
| Audiocodes | Mediant M800b-Msbr Firmware | >= f7.20a, < f7.20a.202.307 |
| Audiocodes | Mediant 800c-Msbr Firmware | >= f7.20a, < f7.20a.202.307 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-9231?
How severe is CVE-2019-9231?
How do I fix CVE-2019-9231?
Are you affected by CVE-2019-9231?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST