CVE-2019-20030

An attacker with knowledge of the modem access number on a NEC UM8000 voicemail system may use SSH tunneling or standard Linux utilities to gain access to the system's LAN port. All versions are affected.

CVSS v3 7.8 HIGH
CVSS v2.0 4.6 MEDIUM

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://shadytel.su/files/nec_cve.txt	Third Party Advisory
https://shadytel.su/files/nec_cve.txt	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:nec:um8000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:um8000:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:37

Type	Values Removed	Values Added
References	~~() https://shadytel.su/files/nec_cve.txt - Third Party Advisory~~	() https://shadytel.su/files/nec_cve.txt - Third Party Advisory

Information

Published : 2020-07-29 18:15

Updated : 2024-11-21 04:37

NVD link : CVE-2019-20030

Mitre link : CVE-2019-20030

CVE.ORG link : CVE-2019-20030

JSON object : View

Products Affected

nec

um8000
um8000_firmware

CWE

NVD-CWE-noinfo

{"id": "CVE-2019-20030", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2020-07-29T18:15:13.657", "references": [{"url": "https://shadytel.su/files/nec_cve.txt", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://shadytel.su/files/nec_cve.txt", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An attacker with knowledge of the modem access number on a NEC UM8000 voicemail system may use SSH tunneling or standard Linux utilities to gain access to the system's LAN port. All versions are affected."}, {"lang": "es", "value": "Un atacante con conocimiento del n\u00famero de acceso al m\u00f3dem en un sistema de correo de voz de NEC UM8000 puede usar t\u00faneles SSH o utilidades est\u00e1ndar de Linux para obtener acceso al puerto LAN del sistema. Todas las versiones est\u00e1n afectadas"}], "lastModified": "2024-11-21T04:37:55.897", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nec:um8000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2A1D915-BEBE-4C38-9362-CD42D368E376"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nec:um8000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AB18A6B9-5C17-4DB1-80B0-C6E1AE055F64"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}