CVE-2019-20031
Severity Score
9.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
NEC UM8000, UM4730 and prior non-InMail voicemail systems with all known software versions may permit an infinite number of login attempts in the telephone user interface (TUI), effectively allowing brute force attacks.
NEC UM8000, UM4730 y anteriores a sistemas de correo de voz que no son InMail con todas las versiones de software conocidas pueden permitir un número infinito de intentos de inicio de sesión en la interfaz de usuario del teléfono (TUI), permitiendo efectivamente ataques de fuerza bruta
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-12-27 CVE Reserved
- 2020-07-29 CVE Published
- 2023-04-14 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-307: Improper Restriction of Excessive Authentication Attempts
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://shadytel.su/files/nec_cve.txt | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Nec Search vendor "Nec" | Um8000 Firmware Search vendor "Nec" for product "Um8000 Firmware" | * | - |
Affected
| in | Nec Search vendor "Nec" | Um8000 Search vendor "Nec" for product "Um8000" | - | - |
Safe
|
| Nec Search vendor "Nec" | Um4730 Firmware Search vendor "Nec" for product "Um4730 Firmware" | * | - |
Affected
| in | Nec Search vendor "Nec" | Um4730 Search vendor "Nec" for product "Um4730" | - | - |
Safe
|