CVE-2019-20025: Static user authentication credentials provided manufacturer level access to web configuration utility.

Description: Certain builds of SV9100 software could allow an unauthenticated, remote attacker to log into a device running an affected release with a hardcoded username and password, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with manufacturer privilege level. An attacker could exploit this vulnerability by using this account to remotely log into an affected device. A successful exploit could allow the attacker to log into the device with manufacturer level access. This vulnerability affects SV9100 PBXes that are running software release 6.0 or higher. This vulnerability does not affect SV9100 software releases prior to 6.0.

CVSS Score: 9.8 (Critical)



CVE ID: CVE-2019-20026: Password reset functionality accessible from unprivileged context.

Description: The WebPro interface in SV9100 software releases 7.0 or higher allows unauthenticated remote attackers to reset all existing usernames and passwords to default values via a crafted request.

CVSS Score: 9.8 (Critical)



CVE ID: CVE-2019-20027: Potentially misconfigured systems may allow successful authentication with blank credentials.

Description: Aspire-derived NEC PBXes, including the SV8100, SV9100, SL1100 and SL2100 with software releases contain the possibility if incorrectly configured to allow a blank username and password combination to be entered as a valid, successfully authenticating account.

CVSS Score: 6.4 (Medium)



CVE-2019-20028: Voicemails accessible from web server without authentication.

Description: Aspire-derived NEC PBXes operating InMail software, including the SV8100, SV9100, SL1100 and SL2100 allow unauthenticated read-only access to voicemails, greetings, and voice response system content through a system's WebPro administration interface.

CVSS Score: 7.5 (High)



CVE ID: CVE-2019-20029: Privilege escalation allows hidden developer access in web configuration utility.

Description: An exploitable privilege escalation vulnerability exists in the WebPro functionality of Aspire-derived NEC PBXes, including the SV8100, SV9100, SL1100 and SL2100. A specially crafted HTTP POST can cause privilege escalation resulting in a higher privileged account, including an undocumented developer level of access.

CVSS Score: 8.8 (High)



CVE ID: CVE-2019-20030: Ability to access local network through the voicemail system.

Description: An attacker with knowledge of the modem access number on a NEC UM8000 voicemail system may use SSH tunneling or standard Linux utilities to gain access to the system's LAN port.

CVSS Score: 10.0 (Critical)




CVE ID: CVE-2019-20031: Unmitigated risk of brute force attacks on voicemail passwords.

Description: NEC UM8000, UM4730 and prior non-InMail voicemail systems with all known software versions may permit an infinite number of login attempts in the telephone user interface (TUI), effectively allowing bruteforce attacks.

CVSS Score: 7.7 (High)




CVE-2019-20032: Find me/follow me feature allows access to modem interface from any voicemail box

Description: An attacker with access to an InMail voicemail box equipped with the find me/follow me feature on Aspire-derived NEC PBXes, including the SV8100, SV9100, SL1100 and SL2100, may access the system's administration modem.

CVSS Score: 7.1 (High)




CVE-2019-20033: DIM interface accessible after establishing a PPP connection has static user authentication credentials.

Description: On Aspire-derived NEC PBXes, including the SV8100, a set of documented, static login credentials may be used to access the DIM interface.

CVSS Score: 9.8 (Critical)