Lucene search

VulDBCVE-2023-4463

HistoryDec 29, 2023 - 10:15 a.m.

CVE-2023-4463

2023-12-2910:15:11

CWE-404

VulDB

web.nvd.nist.gov

cve-2023-4463

poly ccx

trio 8800

trio c60

vulnerability

http header handler

denial of service

remote attack

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

22.8%

JSON

A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249256.

Affected configurations

Nvd

Node

polyccx_400_firmwareMatch-

AND

polyccx_400Match-

Node

polyccx_600_firmwareMatch-

AND

polyccx_600Match-

Node

polytrio_8800_firmwareMatch-

AND

polytrio_8800Match-

Node

polytrio_c60_firmwareMatch-

AND

polytrio_c60Match-

VendorProductVersionCPE
polyccx_400_firmware-cpe:2.3:o:poly:ccx_400_firmware:-:*:*:*:*:*:*:*
polyccx_400-cpe:2.3:h:poly:ccx_400:-:*:*:*:*:*:*:*
polyccx_600_firmware-cpe:2.3:o:poly:ccx_600_firmware:-:*:*:*:*:*:*:*
polyccx_600-cpe:2.3:h:poly:ccx_600:-:*:*:*:*:*:*:*
polytrio_8800_firmware-cpe:2.3:o:poly:trio_8800_firmware:-:*:*:*:*:*:*:*
polytrio_8800-cpe:2.3:h:poly:trio_8800:-:*:*:*:*:*:*:*
polytrio_c60_firmware-cpe:2.3:o:poly:trio_c60_firmware:-:*:*:*:*:*:*:*
polytrio_c60-cpe:2.3:h:poly:trio_c60:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
poly	ccx_400_firmware	-	cpe:2.3:o:poly:ccx_400_firmware:-:::::::*
poly	ccx_400	-	cpe:2.3:h:poly:ccx_400:-:::::::*
poly	ccx_600_firmware	-	cpe:2.3:o:poly:ccx_600_firmware:-:::::::*
poly	ccx_600	-	cpe:2.3:h:poly:ccx_600:-:::::::*
poly	trio_8800_firmware	-	cpe:2.3:o:poly:trio_8800_firmware:-:::::::*
poly	trio_8800	-	cpe:2.3:h:poly:trio_8800:-:::::::*
poly	trio_c60_firmware	-	cpe:2.3:o:poly:trio_c60_firmware:-:::::::*
poly	trio_c60	-	cpe:2.3:h:poly:trio_c60:-:::::::*

CNA Affected

[
  {
    "vendor": "Poly",
    "product": "CCX 400",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ],
    "modules": [
      "HTTP Header Handler"
    ]
  },
  {
    "vendor": "Poly",
    "product": "CCX 600",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ],
    "modules": [
      "HTTP Header Handler"
    ]
  },
  {
    "vendor": "Poly",
    "product": "Trio 8800",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ],
    "modules": [
      "HTTP Header Handler"
    ]
  },
  {
    "vendor": "Poly",
    "product": "Trio C60",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ],
    "modules": [
      "HTTP Header Handler"
    ]
  }
]

References

fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html

github.com/modzero/MZ-23-01-Poly-VoIP-Devices

modzero.com/en/advisories/mz-23-01-poly-voip/

modzero.com/en/blog/multiple-vulnerabilities-in-poly-products/

vuldb.com/?ctiid.249256

vuldb.com/?id.249256

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

22.8%

JSON

Related for CVE-2023-4463