Vulnerabilities (CVE)

Filtered by vendor Nec Subscribe

Filtered by product Sl1100 Firmware

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2019-20028	1 Nec	8 Sl1100, Sl1100 Firmware, Sl2100 and 5 more	2021-07-21	5.0 MEDIUM	7.5 HIGH
Aspire-derived NEC PBXes operating InMail software, including all versions of SV8100, SV9100, SL1100 and SL2100 devices allow unauthenticated read-only access to voicemails, greetings, and voice response system content through a system's WebPro administration interface.
CVE-2019-20029	1 Nec	8 Sl1100, Sl1100 Firmware, Sl2100 and 5 more	2021-07-21	6.5 MEDIUM	8.8 HIGH
An exploitable privilege escalation vulnerability exists in the WebPro functionality of Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices. A specially crafted HTTP POST can cause privilege escalation resulting in a higher privileged account, including an undocumented developer level of access.