← Retour aux CVEs

CVE-2023-22955

HIGH

7.8

Description

An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of firmware images only consists of simple checksum checks for different firmware components. Thus, by knowing how to calculate and where to store the required checksums for the flasher tool, an attacker is able to store malicious firmware.

Details CVE

Score CVSS v3.17.8

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueLOCAL

ComplexiteLOW

Privileges requisLOW

Interaction utilisateurNONE

Publie8/11/2023

Derniere modification4/17/2025

Sourcenvd

Observations honeypot0

Produits affectes

audiocodes:405hdaudiocodes:405hd_firmwareaudiocodes:445hdaudiocodes:445hd_firmwareaudiocodes:c450hdaudiocodes:c450hd_firmware

Faiblesses (CWE)

CWE-345

References

http://packetstormsecurity.com/files/174214/AudioCodes-VoIP-Phones-Insufficient-Firmware-Validation.html(cve@mitre.org)

http://seclists.org/fulldisclosure/2023/Aug/17(cve@mitre.org)

https://syss.de(cve@mitre.org)

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-055.txt(cve@mitre.org)

http://packetstormsecurity.com/files/174214/AudioCodes-VoIP-Phones-Insufficient-Firmware-Validation.html(af854a3a-2127-422b-91ae-364da2661108)

http://seclists.org/fulldisclosure/2023/Aug/17(af854a3a-2127-422b-91ae-364da2661108)

https://syss.de(af854a3a-2127-422b-91ae-364da2661108)

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-055.txt(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.