Lucene search

MitreCVE-2019-20030

HistoryJul 29, 2020 - 6:15 p.m.

CVE-2019-20030

2020-07-2918:15:13

mitre

web.nvd.nist.gov

cve-2019-20030

nec um8000

voicemail system

ssh tunneling

linux utilities

lan access

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

Percentile

12.6%

JSON

An attacker with knowledge of the modem access number on a NEC UM8000 voicemail system may use SSH tunneling or standard Linux utilities to gain access to the system’s LAN port. All versions are affected.

Affected configurations

Nvd

Node

necum8000_firmware

AND

necum8000Match-

VendorProductVersionCPE
necum8000_firmware*cpe:2.3:o:nec:um8000_firmware:*:*:*:*:*:*:*:*
necum8000-cpe:2.3:h:nec:um8000:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nec	um8000_firmware	*	cpe:2.3:o:nec:um8000_firmware::::::::
nec	um8000	-	cpe:2.3:h:nec:um8000:-:::::::*

References

shadytel.su/files/nec_cve.txt

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2019-20030