4.9

CVE-2023-4466

A vulnerability has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation leads to protection mechanism failure. The attack can be launched remotely. The vendor explains that they do not regard this as a vulnerability as this is a feature that they offer to their customers who have a variety of environmental needs that are met through different firmware builds. To avoid potential roll-back attacks, they remove vulnerable builds from the public servers as a remediation effort. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249259.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PolyCcx 400 Firmware Version-
   PolyCcx 400 Version-
PolyCcx 600 Firmware Version-
   PolyCcx 600 Version-
PolyTrio 8800 Firmware Version-
   PolyTrio 8800 Version-
PolyTrio C60 Firmware Version-
   PolyTrio C60 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.11% 0.288
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.9 1.2 3.6
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
cna@vuldb.com 2.7 1.2 1.4
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
cna@vuldb.com 3.3 6.4 2.9
AV:N/AC:L/Au:M/C:N/I:P/A:N
CWE-693 Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

https://vuldb.com/?ctiid.249259
Third Party Advisory
VDB Entry
Permissions Required
https://vuldb.com/?id.249259
Third Party Advisory
VDB Entry