Audiocodes

Fax Server

8 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2025-34335

Exploit
  • EPSS 0.56%
  • Veröffentlicht 19.11.2025 16:24:06
  • Zuletzt bearbeitet 11.12.2025 21:11:11

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an authenticated command injection vulnerability in the license activation workflow handled by AudioCodes_files/ActivateLicense.php. When a license fil...

8.8

CVE-2025-34334

Exploit
  • EPSS 0.21%
  • Veröffentlicht 19.11.2025 16:23:47
  • Zuletzt bearbeitet 11.12.2025 21:12:50

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 are vulnerable to an authenticated command injection in the fax test functionality implemented by AudioCodes_files/TestFax.php. When a fax "send" test is requ...

7.8

CVE-2025-34332

Exploit
  • EPSS 0.02%
  • Veröffentlicht 19.11.2025 16:23:27
  • Zuletzt bearbeitet 11.12.2025 21:19:07

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component that controls back-end Windows services using helper batch scripts located under C:\\F2MAdmin\\F2E\\AudioCodes_files\\u...

9.8

CVE-2025-34329

Exploit
  • EPSS 1.77%
  • Veröffentlicht 19.11.2025 16:23:09
  • Zuletzt bearbeitet 12.12.2025 16:09:44

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an unauthenticated backup upload endpoint at AudioCodes_files/ajaxBackupUploadFile.php in the F2MAdmin web interface. The script derives a backup folde...

7.5

CVE-2025-34331

Exploit
  • EPSS 0.05%
  • Veröffentlicht 19.11.2025 16:22:50
  • Zuletzt bearbeitet 12.12.2025 16:05:32

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 contain an unauthenticated file read vulnerability via the download.php script. The endpoint exposes a file download mechanism that lacks access control, allo...

9.8

CVE-2025-34328

Exploit
  • EPSS 0.31%
  • Veröffentlicht 19.11.2025 16:22:22
  • Zuletzt bearbeitet 12.12.2025 16:10:36

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component (F2MAdmin) that exposes an unauthenticated script-management endpoint at AudioCodes_files/utils/IVR/diagram/ajaxScript....

5.3

CVE-2025-34330

Exploit
  • EPSS 0.36%
  • Veröffentlicht 19.11.2025 16:22:02
  • Zuletzt bearbeitet 12.12.2025 16:06:47

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component (F2MAdmin) that exposes an unauthenticated prompt upload endpoint at AudioCodes_files/utils/IVR/diagram/ajaxPromptUploa...

7.8

CVE-2025-34333

Exploit
  • EPSS 0.03%
  • Veröffentlicht 19.11.2025 16:21:42
  • Zuletzt bearbeitet 11.12.2025 21:18:46

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 configure the web document root at C:\\F2MAdmin\\F2E with overly permissive file system permissions. Authenticated local users have modify rights on this dire...