Interactive Voice Response Security Vulnerabilities and Issues — Interactive Voice Response CVE List

AudiocodesInteractive Voice Response

8 matches found

CVE•added 2025/11/19 4:22 p.m.•24 views

CVE-2025-34328

AudioCodes Fax Server and Auto-Attendant IVR appliances (≤ 2.6.23) expose an unauthenticated script-management endpoint in the web administration component (F2MAdmin) at AudioCodes_files/utils/IVR/diagram/ajaxScript.php. The saveScript action writes attacker-supplied data directly to a server-sid...

9.8CVSS6.8AI score0.00621EPSS

Web

CVE•added 2025/11/19 4:23 p.m.•17 views

CVE-2025-34329

CVE-2025-34329 affects AudioCodes Fax Server and Auto-Attendant IVR appliances ≤2.6.23. An unauthenticated backup upload endpoint at AudioCodes_files/ajaxBackupUploadFile.php in the F2MAdmin web interface allows uploading a file to a configured backup path, with no authentication, authorization, ...

9.8CVSS7.1AI score0.01017EPSS

Web

CVE•added 2025/11/19 4:23 p.m.•14 views

CVE-2025-34334

AudioCodes Fax Server and Auto-Attendant IVR appliances up to version 2.6.23 are vulnerable to authenticated command injection in the fax test feature (TestFax.php). An attacker with access to the fax test interface can craft parameters that are incorporated into the faxsender command line, which...

8.8CVSS7AI score0.03119EPSS

Web

CVE•added 2025/11/19 4:22 p.m.•10 views

CVE-2025-34330

The CVE-2025-34330 entry affects AudioCodes Fax Server and Auto-Attendant IVR appliances up to version 2.6.23. A web admin component (F2MAdmin) exposes an unauthenticated endpoint at AudioCodes_files/utils/IVR/diagram/ajaxPromptUploadFile.php that accepts uploaded files and writes them into C:\F2...

6.9CVSS6.6AI score0.00421EPSS

Web

CVE•added 2025/11/19 4:22 p.m.•10 views

CVE-2025-34331

CVE-2025-34331 affects AudioCodes Fax Server and Auto-Attendant IVR appliances up to version 2.6.23. The issue is an unauthenticated file read via the download.php endpoint, which lacks access control and lets remote, unauthenticated users request files based on attacker-supplied path/filename. T...

8.7CVSS6.1AI score0.00462EPSS

CVE•added 2025/11/19 4:24 p.m.•9 views

CVE-2025-34335

AudioCodes Fax Server and Auto-Attendant IVR appliances up to version 2.6.23 are affected by an authenticated command injection in the license activation workflow (ActivateLicense.php). An authenticated user uploading a license file can craft the file name’s extension to inject shell metacharacte...

8.8CVSS7.2AI score0.02561EPSS

Web

CVE•added 2025/11/19 4:23 p.m.•8 views

CVE-2025-34332

CVE-2025-34332 affects AudioCodes Fax Server and Auto-Attendant IVR appliances up to version 2.6.23. A web administration component runs Windows service actions via helper batch scripts in C:\F2MAdmin\F2E\AudioCodes_files\utils\Services. When service actions are requested through ajaxPost.php, PH...

8.5CVSS6.2AI score0.00178EPSS

Web

CVE•added 2025/11/19 4:21 p.m.•8 views

CVE-2025-34333

CVE-2025-34333 affects AudioCodes Fax Server and Auto-Attendant IVR appliances

8.5CVSS7AI score0.00178EPSS