Vulnerability Details CVE-2019-20029
An exploitable privilege escalation vulnerability exists in the WebPro functionality of Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices. A specially crafted HTTP POST can cause privilege escalation resulting in a higher privileged account, including an undocumented developer level of access.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.024
EPSS Ranking 84.2%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
Products affected by CVE-2019-20029
-
cpe:2.3:h:nec:sl1100:-
-
cpe:2.3:h:nec:sl2100:-
-
cpe:2.3:h:nec:sv8100:-
-
cpe:2.3:h:nec:sv9100:-
-
cpe:2.3:o:nec:sl1100_firmware:-
-
cpe:2.3:o:nec:sl1100_firmware:7.0
-
cpe:2.3:o:nec:sl2100_firmware:-
-
cpe:2.3:o:nec:sl2100_firmware:7.0
-
cpe:2.3:o:nec:sv8100_firmware:-
-
cpe:2.3:o:nec:sv8100_firmware:7.0
-
cpe:2.3:o:nec:sv9100_firmware:-
-
cpe:2.3:o:nec:sv9100_firmware:6.0
-
cpe:2.3:o:nec:sv9100_firmware:7.0