7.5

CVE-2023-22956

Exploit
An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve sensitive information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AudiocodesC470hd Firmware Version <= 3.4.4.1000
   AudiocodesC470hd Version-
AudiocodesC455hd Firmware Version <= 3.4.4.1000
   AudiocodesC455hd Version-
AudiocodesC435hd Firmware Version <= 3.4.4.1000
   AudiocodesC435hd Version-
Audiocodes445hd Firmware Version <= 3.4.4.1000
   Audiocodes445hd Version-
Audiocodes405hd Firmware Version <= 3.4.4.1000
   Audiocodes405hd Version-
AudiocodesC450hd Firmware Version <= 3.4.4.1000
   AudiocodesC450hd Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.13% 0.622
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://syss.de
Not Applicable
http://packetstormsecurity.com/files/174216/AudioCodes-VoIP-Phones-Hardcoded-Key.html
Third Party Advisory
Exploit
VDB Entry
http://seclists.org/fulldisclosure/2023/Aug/16
Third Party Advisory
Mailing List
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-054.txt
Vendor Advisory
Exploit