CVE-2019-20028
First published: Wed Jul 29 2020(Updated: )
Aspire-derived NEC PBXes operating InMail software, including all versions of SV8100, SV9100, SL1100 and SL2100 devices allow unauthenticated read-only access to voicemails, greetings, and voice response system content through a system's WebPro administration interface.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nec Sv8100 Firmware | ||
| Nec Sv8100 | ||
| Nec Sv9100 Firmware | ||
| NEC SV9100 | ||
| Nec Sl1100 Firmware | ||
| Nec Sl1100 | ||
| Nec Sl2100 Firmware | ||
| Nec Sl2100 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-20028?
CVE-2019-20028 is a vulnerability that affects Aspire-derived NEC PBXes operating InMail software, including all versions of SV8100, SV9100, SL1100 and SL2100 devices.
How does CVE-2019-20028 allow unauthorized access?
CVE-2019-20028 allows unauthenticated read-only access to voicemails, greetings, and voice response system content through a system's WebPro administration interface.
Which NEC PBXes are affected by CVE-2019-20028?
CVE-2019-20028 affects all versions of SV8100, SV9100, SL1100, and SL2100 devices operating InMail software.
What is the severity of CVE-2019-20028?
CVE-2019-20028 has a severity rating of 7.5 (high).
Is there a fix available for CVE-2019-20028?
There is no available fix for CVE-2019-20028 at the moment, but users are advised to follow the vendor's recommendations and apply any security patches or updates when they become available.