Unrated severityNVD Advisory· Published Jul 29, 2020· Updated Aug 5, 2024

CVE-2019-20029

Description

An exploitable privilege escalation vulnerability exists in the WebPro functionality of Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices. A specially crafted HTTP POST can cause privilege escalation resulting in a higher privileged account, including an undocumented developer level of access.

Affected products

NEC/NEC PBXesdescription
NEC/SV9100llm-create
NEC/SL1100llm-create
NEC/SL2100llm-create
NEC/SV8100llm-fuzzy

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

shadytel.su/files/nec_cve.txtmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000