AudioCodes Mediant family of multi-service business routers (MSBRs) offers service providers a range of all-in-one SOHO, SMB and SME routers combining access, data, voice and security into a single device.[1]
During our research we found a DoS (CVE-2019-9228), an XSS (CVE-2019-9230) and a CSRF (CVE-2019-9231) vulnerability. In addition, we could gain access to Quagga VTYs (CVE-2019-9229).
The management SSH and management TELNET features allow remote attackers to cause a denial of service (connection slot exhaustion) via 5 unauthenticated connection attempts, because the maximum number of unauthenticated clients that can be configured is 5.
Affected versions: F7.20A, at least up to 7.20A.252.062.
The vendor's position is that this is a design choice, because a higher value would put a higher load on the system resources. There will be no fix, because the risk is classified as acceptable.
Mitigation: restrict access to the management interfaces via access lists.
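The following is an added illustration, not code from the advisory or from AudioCodes firmware. It models the behaviour described above as a hypothetical listener with a fixed pool of five unauthenticated connection slots, and replays the same connection sequence once without an access list and once with one restricted to an assumed admin subnet (10.0.0.0/24). The sample source addresses are constructed from documentation ranges; the class names and the ACL semantics (source is dropped before it can occupy a slot) are assumptions of this model.

```python
import ipaddress
from dataclasses import dataclass, field

# The maximum number of unauthenticated clients the advisory says the device
# can be configured for.
MAX_UNAUTH_SLOTS = 5


@dataclass
class ManagementListener:
    """Hypothetical model of a management SSH/Telnet listener.

    A TCP connection consumes an unauthenticated slot as soon as it is
    accepted, before any credential is presented, and holds it until the
    client authenticates. This is not AudioCodes code.
    """
    max_unauth: int = MAX_UNAUTH_SLOTS
    # Access list of source networks allowed to reach the management service.
    # An empty list means no ACL: any source may connect (the exposed setup).
    acl: list = field(default_factory=list)
    _unauth: list = field(default_factory=list)  # sources currently holding a slot

    def acl_permits(self, src: str) -> bool:
        """True when no ACL is configured or the source matches an allowed network."""
        if not self.acl:
            return True
        addr = ipaddress.ip_address(src)
        return any(addr in net for net in self.acl)

    def connect(self, src: str) -> str:
        """Outcome of a new connection: 'denied-acl', 'refused-full' or 'accepted'."""
        if not self.acl_permits(src):
            return "denied-acl"      # filtered before it can occupy a slot
        if len(self._unauth) >= self.max_unauth:
            return "refused-full"    # connection slot exhaustion
        self._unauth.append(src)
        return "accepted"

    def authenticate(self, src: str) -> None:
        """A successful login releases the unauthenticated slot."""
        self._unauth.remove(src)

    def free_slots(self) -> int:
        return self.max_unauth - len(self._unauth)


def simulate(acl_networks):
    """Replay one scenario: five untrusted sources open idle unauthenticated
    connections, then the legitimate administrator (assumed 10.0.0.10) tries
    to connect. Returns (administrator outcome, free slots afterwards)."""
    listener = ManagementListener(
        acl=[ipaddress.ip_network(n) for n in acl_networks]
    )
    # Constructed sample sources from the TEST-NET-3 documentation range.
    untrusted = [f"203.0.113.{i}" for i in range(1, 6)]
    for src in untrusted:
        listener.connect(src)  # never authenticates, so the slot stays held
    admin_result = listener.connect("10.0.0.10")
    return admin_result, listener.free_slots()


if __name__ == "__main__":
    print("no ACL:  ", simulate([]))               # ('refused-full', 0)
    print("with ACL:", simulate(["10.0.0.0/24"]))  # ('accepted', 4)
```

Without an access list, five idle connections from any source fill the pool and the administrator is refused; with the management service restricted to the admin subnet, the untrusted sources are dropped before they can take a slot, which is why the advisory's mitigation works even though the slot limit itself stays at 5.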
2019/02/14 | vendor contacted
2019/02/14 | initial vendor response
2019/02/14 | vendor informs about start of review process
2019/02/15 | vendor requests further details
2019/02/15 | further details provided
2019/02/18 | vendor informs about detail analysis
2019/02/19 | vendor confirmation, planned fixes and roadmap provided
2019/03/01 | CVEs assigned
2019/06/28 | vendor informs that planned fixes are published