7.5

CVE-2023-22957

Exploit
An issue was discovered in libac_des3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of hard-coded cryptographic key, an attacker with access to backup or configuration files is able to decrypt encrypted values and retrieve sensitive information, e.g., the device root password.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AudiocodesC470hd Firmware Version <= 3.4.4.1000
   AudiocodesC470hd Version-
AudiocodesC455hd Firmware Version <= 3.4.4.1000
   AudiocodesC455hd Version-
AudiocodesC435hd Firmware Version <= 3.4.4.1000
   AudiocodesC435hd Version-
Audiocodes445hd Firmware Version <= 3.4.4.1000
   Audiocodes445hd Version-
Audiocodes405hd Firmware Version <= 3.4.4.1000
   Audiocodes405hd Version-
AudiocodesC450hd Firmware Version <= 3.4.4.1000
   AudiocodesC450hd Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.31% 0.533
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://syss.de
Not Applicable
http://seclists.org/fulldisclosure/2023/Aug/15
Third Party Advisory
Exploit
Mailing List