Published on April 27th, 2019 📆 | 5336 Views ⚑
0AudioCodes 405HD 2.2.12 Web Interface POST Request Password Reset privilege escalation
CVSS Meta Temp Score | Current Exploit Price (≈) |
---|---|
7.3 | $0-$5k |
A vulnerability classified as critical was found in AudioCodes 405HD 2.2.12. This vulnerability affects the functionality of the component Web Interface. The manipulation as part of a POST Request leads to a privilege escalation vulnerability (Password Reset). The CWE definition for the vulnerability is CWE-269. As an impact it is known to affect confidentiality, integrity, and availability.
The weakness was disclosed 04/25/2019. This vulnerability was named CVE-2018-16219 since 08/30/2018. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 04/26/2019).
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
The entries 134091 and 134093 are pretty similar.
Vendor
Name
VulDB Meta Base Score: 7.3
VulDB Meta Temp Score: 7.3
VulDB Base Score: 7.3
VulDB Temp Score: 7.3
VulDB Vector: ?
VulDB Reliability: ?
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
? | ? | ? | ? | ? | ? |
? | ? | ? | ? | ? | ? |
? | ? | ? | ? | ? | ? |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: ?
VulDB Temp Score: ?
VulDB Reliability: ?
Class: Privilege escalation / Password Reset (CWE-269)
Local: No
Remote: Yes
Availability: ?
Status: Not defined
Price Prediction: ?
Current Price Estimation: ?
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Threat: ?
Adversaries: ?
Geopolitics: ?
Economy: ?
Predictions: ?
Remediation: ?Recommended: no mitigation known
0-Day Time: ?08/30/2018 CVE assigned
04/25/2019 Advisory disclosed
04/26/2019 VulDB entry created
04/26/2019 VulDB last updateCVE: CVE-2018-16219 (?)
See also: ?Created: 04/26/2019 08:10 AM
Complete: ?
Comments
Upgrade your account now!
https://vuldb.com/?id.134092
No comments yet. Please log in to comment.