CVE-2019-20027
First published: Wed Jul 29 2020(Updated: )
Aspire-derived NEC PBXes, including the SV8100, SV9100, SL1100 and SL2100 with software releases 7.0 or higher contain the possibility if incorrectly configured to allow a blank username and password combination to be entered as a valid, successfully authenticating account.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nec Sv8100 Firmware | >=7.0 | |
| Nec Sv8100 | ||
| Nec Sv9100 Firmware | >=7.0 | |
| NEC SV9100 | ||
| Nec Sl1100 Firmware | >=7.0 | |
| Nec Sl1100 | ||
| Nec Sl2100 Firmware | >=7.0 | |
| Nec Sl2100 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2019-20027.
Which NEC PBXes are affected by this vulnerability?
Aspire-derived NEC PBXes including the SV8100, SV9100, SL1100, and SL2100 with software releases 7.0 or higher are affected.
What is the severity rating of CVE-2019-20027?
CVE-2019-20027 has a severity rating of 9.8 (Critical).
How can this vulnerability be exploited?
If incorrectly configured, this vulnerability allows a blank username and password combination to be entered as a valid, successfully authenticating account.
Where can I find more information about CVE-2019-20027?
You can find more information about CVE-2019-20027 at the following link: [https://shadytel.su/files/nec_cve.txt](https://shadytel.su/files/nec_cve.txt)
- collector/nvd-index
- vendor/nec
- canonical/nec sv8100 firmware
- version/nec sv8100 firmware/7.0
- canonical/nec sv8100
- canonical/nec sv9100 firmware
- version/nec sv9100 firmware/7.0
- canonical/nec sv9100
- canonical/nec sl1100 firmware
- version/nec sl1100 firmware/7.0
- canonical/nec sl1100
- canonical/nec sl2100 firmware
- version/nec sl2100 firmware/7.0
- canonical/nec sl2100