CVE-2019-20027 - OpenCVE

Aspire-derived NEC PBXes, including the SV8100, SV9100, SL1100 and SL2100 with software releases 7.0 or higher contain the possibility if incorrectly configured to allow a blank username and password combination to be entered as a valid, successfully authenticating account.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nec	Sl1100 Sl1100 Firmware Sl2100 Sl2100 Firmware Sv8100 Sv8100 Firmware Sv9100 Sv9100 Firmware

Configuration 1 [-]

AND

cpe:2.3:h:nec:sv8100:-:*:*:*:*:*:*:*

cpe:2.3:o:nec:sv8100_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:nec:sv9100:-:*:*:*:*:*:*:*

cpe:2.3:o:nec:sv9100_firmware:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:nec:sl1100:-:*:*:*:*:*:*:*

cpe:2.3:o:nec:sl1100_firmware:*:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:h:nec:sl2100:-:*:*:*:*:*:*:*

cpe:2.3:o:nec:sl2100_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://shadytel.su/files/nec_cve.txt

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-07-29T17:29:23

Updated: 2024-08-05T02:32:10.533Z

Reserved: 2019-12-27T00:00:00

Link: CVE-2019-20027

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-07-29T18:15:13.327

Modified: 2020-08-04T19:49:09.200

Link: CVE-2019-20027

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Aspire-derived NEC PBXes, including the SV8100, SV9100, SL1100 and SL2100 with software releases 7.0 or higher contain the possibility if incorrectly configured to allow a blank username and password combination to be entered as a valid, successfully authenticating account."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-07-29T17:29:23", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://shadytel.su/files/nec_cve.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-20027", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Aspire-derived NEC PBXes, including the SV8100, SV9100, SL1100 and SL2100 with software releases 7.0 or higher contain the possibility if incorrectly configured to allow a blank username and password combination to be entered as a valid, successfully authenticating account."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://shadytel.su/files/nec_cve.txt", "refsource": "MISC", "url": "https://shadytel.su/files/nec_cve.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T02:32:10.533Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://shadytel.su/files/nec_cve.txt"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-20027", "datePublished": "2020-07-29T17:29:23", "dateReserved": "2019-12-27T00:00:00", "dateUpdated": "2024-08-05T02:32:10.533Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:nec:sv8100:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B3FD340-B4EC-47A9-9558-494969533D10", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:nec:sv8100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8A44254-6DAF-420B-ADEB-41B0CEC84CC1", "versionStartIncluding": "7.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:nec:sv9100:-:*:*:*:*:*:*:*", "matchCriteriaId": "DFD408C4-F8F8-45B1-97C1-D16E79AB9D28", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:nec:sv9100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F8FED280-00CD-4379-A852-B3FB115BE8FC", "versionStartIncluding": "7.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:nec:sl1100:-:*:*:*:*:*:*:*", "matchCriteriaId": "25F19130-FF57-422C-A792-128D72FFB022", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:nec:sl1100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F8E69348-45F6-4D8B-BF6A-AB7CB97D7813", "versionStartIncluding": "7.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:nec:sl2100:-:*:*:*:*:*:*:*", "matchCriteriaId": "05D2A3E1-95D6-4528-8EE1-9BDDA4F1B9ED", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:nec:sl2100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B82AAA04-E282-4AC2-9744-ED2047A7EFDE", "versionStartIncluding": "7.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Aspire-derived NEC PBXes, including the SV8100, SV9100, SL1100 and SL2100 with software releases 7.0 or higher contain the possibility if incorrectly configured to allow a blank username and password combination to be entered as a valid, successfully authenticating account."}, {"lang": "es", "value": "Aspire-derived NEC PBXes, incluidas los SV8100, SV9100, SL1100 y SL2100 con versiones de software 7.0 o superiores, contienen la posibilidad de ser configuradas incorrectamente para permitir que una combinaci\u00f3n de nombre de usuario y contrase\u00f1a en blanco sean ingresadas como una cuenta v\u00e1lida y autenticada con \u00e9xito"}], "id": "CVE-2019-20027", "lastModified": "2020-08-04T19:49:09.200", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-29T18:15:13.327", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://shadytel.su/files/nec_cve.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}