Vulnerability Details CVE-2019-20027
Aspire-derived NEC PBXes, including the SV8100, SV9100, SL1100 and SL2100 with software releases 7.0 or higher contain the possibility if incorrectly configured to allow a blank username and password combination to be entered as a valid, successfully authenticating account.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 56.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2019-20027
-
cpe:2.3:h:nec:sl1100:-
-
cpe:2.3:h:nec:sl2100:-
-
cpe:2.3:h:nec:sv8100:-
-
cpe:2.3:h:nec:sv9100:-
-
cpe:2.3:o:nec:sl1100_firmware:7.0
-
cpe:2.3:o:nec:sl2100_firmware:7.0
-
cpe:2.3:o:nec:sv8100_firmware:7.0
-
cpe:2.3:o:nec:sv9100_firmware:7.0