AudioCodes Mediant family of multi-service business routers (MSBRs) offers service providers a range of all-in-one SOHO, SMB and SME routers combining access, data, voice and security into a single device.[1]
During our research we found a DoS(CVE-2019-9228), a XXS(CVE-2019-9230) and CSRF(CVE-2019-9231) vulnerability. Although we could gain access to quagga VTYs(CVE-2019-9229).
A Cross-Site Request Forgery (CSRF) vulnerability in the management web interface allows remote attackers to execute malicious and unauthorized actions, because CSRF Protection is not activated by default and the option is not documented in the user manual or security guidelines.
F7.20A to F7.20A.202.307 and any Version shipped with version before F7.20A.202.307. The CSRF protection was implemented in version 7.20A.202.307 but is not activated by default. The option is not documented in the Mediant 500L user manual or security guidelines. Devices shipped with version F7.20A.202.307 and later have the option enabled by default. The option is not activated in an update.
Update to F7.20A.202.307 or higher and activate the CSRF protection. The option could be enabled only by the upload of a ini file with the parameter CSRFProtection=1
| 2019/02/14 | vendor contacted |
| 2019/02/14 | initial vendor response |
| 2019/02/14 | vendor informs about start of review process |
| 2019/02/15 | vendor requests further details |
| 2019/02/15 | further details provided |
| 2019/02/18 | vendor informs about detail analysis |
| 2019/02/19 | vendor confirmation, planned fixes and roadmap provided |
| 2019/03/01 | CVEs assigned |
| 2019/06/28 | vendor informs that planned fixes are published |