CVE-2025-34332

Exploit

EPSS 0.18%
Veröffentlicht 19.11.2025 16:23:27
Zuletzt bearbeitet 11.12.2025 21:19:07
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

AudioCodes Fax/IVR Appliance <= 2.6.23 Insecure Service Control Scripts LPE

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component that controls back-end Windows services using helper batch scripts located under C:\\F2MAdmin\\F2E\\AudioCodes_files\\utils\\Services. When certain service actions are requested through ajaxPost.php, these scripts are invoked by PHP using system() under the NT AUTHORITY\\SYSTEM account. The batch files in this directory are writable by any authenticated local user due to overly permissive ACLs, allowing them to replace script contents with arbitrary commands. On the next service start/stop operation, the modified script is executed as SYSTEM, enabling elevation of local privileges.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Audiocodes ≫ Fax Server Version <= 2.6.23

Audiocodes ≫ Interactive Voice Response Version <= 2.6.23

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.074

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
disclosure@vulncheck.com	8.5	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://www.audiocodes.com/media/g1in2u2o/0548-product-notice-end-of-service-for-audiocodes-auto-attendant-ivr-solution.pdf

Product

https://pierrekim.github.io/blog/2025-11-20-audiocodes-fax-ivr-8-vulnerabilities.html

Third Party Advisory

Exploit

https://pierrekim.github.io/advisories/2025-audiocodes-fax-ivr.txt

Third Party Advisory

Exploit

https://www.vulncheck.com/advisories/audiocodes-fax-ivr-appliance-insecure-service-control-scripts-lpe

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-34332

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-34332

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-34332

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-34332