Lucene search

[email protected]NVD:CVE-2023-22956

HistoryAug 11, 2023 - 8:15 p.m.

CVE-2023-22956

2023-08-1120:15:14

CWE-798

[email protected]

web.nvd.nist.gov

audiocodes

voip

vulnerability

cryptographic key

decryption

sensitive information

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.004

Percentile

73.6%

JSON

An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve sensitive information.

Affected configurations

Nvd

Node

audiocodesc470hd_firmwareRange≤3.4.4.1000

AND

audiocodesc470hdMatch-

Node

audiocodesc455hd_firmwareRange≤3.4.4.1000

AND

audiocodesc455hdMatch-

Node

audiocodesc435hd_firmwareRange≤3.4.4.1000

AND

audiocodesc435hdMatch-

Node

audiocodes445hd_firmwareRange≤3.4.4.1000

AND

audiocodes445hdMatch-

Node

audiocodes405hd_firmwareRange≤3.4.4.1000

AND

audiocodes405hdMatch-

Node

audiocodesc450hd_firmwareRange≤3.4.4.1000

AND

audiocodesc450hdMatch-

VendorProductVersionCPE
audiocodesc470hd_firmware*cpe:2.3:o:audiocodes:c470hd_firmware:*:*:*:*:*:*:*:*
audiocodesc470hd-cpe:2.3:h:audiocodes:c470hd:-:*:*:*:*:*:*:*
audiocodesc455hd_firmware*cpe:2.3:o:audiocodes:c455hd_firmware:*:*:*:*:*:*:*:*
audiocodesc455hd-cpe:2.3:h:audiocodes:c455hd:-:*:*:*:*:*:*:*
audiocodesc435hd_firmware*cpe:2.3:o:audiocodes:c435hd_firmware:*:*:*:*:*:*:*:*
audiocodesc435hd-cpe:2.3:h:audiocodes:c435hd:-:*:*:*:*:*:*:*
audiocodes445hd_firmware*cpe:2.3:o:audiocodes:445hd_firmware:*:*:*:*:*:*:*:*
audiocodes445hd-cpe:2.3:h:audiocodes:445hd:-:*:*:*:*:*:*:*
audiocodes405hd_firmware*cpe:2.3:o:audiocodes:405hd_firmware:*:*:*:*:*:*:*:*
audiocodes405hd-cpe:2.3:h:audiocodes:405hd:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
audiocodes	c470hd_firmware	*	cpe:2.3:o:audiocodes:c470hd_firmware::::::::
audiocodes	c470hd	-	cpe:2.3:h:audiocodes:c470hd:-:::::::*
audiocodes	c455hd_firmware	*	cpe:2.3:o:audiocodes:c455hd_firmware::::::::
audiocodes	c455hd	-	cpe:2.3:h:audiocodes:c455hd:-:::::::*
audiocodes	c435hd_firmware	*	cpe:2.3:o:audiocodes:c435hd_firmware::::::::
audiocodes	c435hd	-	cpe:2.3:h:audiocodes:c435hd:-:::::::*
audiocodes	445hd_firmware	*	cpe:2.3:o:audiocodes:445hd_firmware::::::::
audiocodes	445hd	-	cpe:2.3:h:audiocodes:445hd:-:::::::*
audiocodes	405hd_firmware	*	cpe:2.3:o:audiocodes:405hd_firmware::::::::
audiocodes	405hd	-	cpe:2.3:h:audiocodes:405hd:-:::::::*

Rows per page:

1-10 of 121

References

packetstormsecurity.com/files/174216/AudioCodes-VoIP-Phones-Hardcoded-Key.html

seclists.org/fulldisclosure/2023/Aug/16

syss.de

www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-054.txt

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.004

Percentile

73.6%

JSON

Related for NVD:CVE-2023-22956

packetstorm1 cvelist1 prion1 cve1