Lucene search

[email protected]NVD:CVE-2023-29930

HistoryMay 10, 2023 - 3:15 p.m.

CVE-2023-29930

2023-05-1015:15:09

CWE-434

[email protected]

web.nvd.nist.gov

genesys cic

polycom

tftp server

remote code execution

remote attacker

arbitrary code

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.004

Percentile

74.3%

JSON

An issue was found in Genesys CIC Polycom phone provisioning TFTP Server all version allows a remote attacker to execute arbitrary code via the login crednetials to the TFTP server configuration page.

Affected configurations

Nvd

Node

genesystftp_server

VendorProductVersionCPE
genesystftp_server*cpe:2.3:a:genesys:tftp_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
genesys	tftp_server	*	cpe:2.3:a:genesys:tftp_server::::::::

References

github.com/YSaxon/TFTPlunder

help.genesys.com/pureconnect/mergedprojects/wh_tr/mergedprojects/wh_tr_polycom_phones/desktop/configuring_the_tftp_server1.htm

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.004

Percentile

74.3%

JSON

Related for NVD:CVE-2023-29930

cvelist1 cve1 githubexploit1 prion1