CVE-2019-20029
First published: Wed Jul 29 2020(Updated: )
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nec Sv8100 Firmware | ||
| Nec Sv8100 | ||
| Nec Sv9100 Firmware | ||
| NEC SV9100 | ||
| Nec Sl1100 Firmware | ||
| Nec Sl1100 | ||
| Nec Sl2100 Firmware | ||
| Nec Sl2100 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-20029?
CVE-2019-20029 is an exploitable privilege escalation vulnerability in the WebPro functionality of Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100, and SL2100 devices.
How can this vulnerability be exploited?
This vulnerability can be exploited by sending a specially crafted HTTP POST request, which can cause privilege escalation resulting in a higher privileged account.
What is the severity of CVE-2019-20029?
The severity of CVE-2019-20029 is classified as high, with a severity score of 8.8.
Which NEC PBX devices are affected by CVE-2019-20029?
All versions of SV8100, SV9100, SL1100, and SL2100 devices are affected by CVE-2019-20029.
How can I mitigate the vulnerability?
To mitigate this vulnerability, it is recommended to apply the latest firmware updates provided by NEC and follow best practices for securing your PBX devices.
- collector/nvd-index
- vendor/nec
- product/sv8100 firmware
- canonical/nec sv8100 firmware
- product/sv8100
- canonical/nec sv8100
- product/sv9100 firmware
- canonical/nec sv9100 firmware
- product/sv9100
- canonical/nec sv9100
- product/sl1100 firmware
- canonical/nec sl1100 firmware
- product/sl1100
- canonical/nec sl1100
- product/sl2100 firmware
- canonical/nec sl2100 firmware
- product/sl2100
- canonical/nec sl2100