Privilege Escalation Vulnerability in Aspire-derived NEC PBXes

Privilege Escalation Vulnerability in Aspire-derived NEC PBXes

CVE-2019-20029 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An exploitable privilege escalation vulnerability exists in the WebPro functionality of Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices. A specially crafted HTTP POST can cause privilege escalation resulting in a higher privileged account, including an undocumented developer level of access.

Learn more about our Web App Pen Testing.