Lucene search

MitreCVE-2023-22956

HistoryAug 11, 2023 - 8:15 p.m.

CVE-2023-22956

2023-08-1120:15:14

CWE-798

mitre

web.nvd.nist.gov

audiocodes

voip

desk phones

cve-2023-22956

security

encryption

vulnerability

nvd

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.4

Confidence

High

EPSS

0.004

Percentile

73.6%

JSON

An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve sensitive information.

Affected configurations

Nvd

Node

audiocodesc470hd_firmwareRange≤3.4.4.1000

AND

audiocodesc470hdMatch-

Node

audiocodesc455hd_firmwareRange≤3.4.4.1000

AND

audiocodesc455hdMatch-

Node

audiocodesc435hd_firmwareRange≤3.4.4.1000

AND

audiocodesc435hdMatch-

Node

audiocodes445hd_firmwareRange≤3.4.4.1000

AND

audiocodes445hdMatch-

Node

audiocodes405hd_firmwareRange≤3.4.4.1000

AND

audiocodes405hdMatch-

Node

audiocodesc450hd_firmwareRange≤3.4.4.1000

AND

audiocodesc450hdMatch-

VendorProductVersionCPE
audiocodesc470hd_firmware*cpe:2.3:o:audiocodes:c470hd_firmware:*:*:*:*:*:*:*:*
audiocodesc470hd-cpe:2.3:h:audiocodes:c470hd:-:*:*:*:*:*:*:*
audiocodesc455hd_firmware*cpe:2.3:o:audiocodes:c455hd_firmware:*:*:*:*:*:*:*:*
audiocodesc455hd-cpe:2.3:h:audiocodes:c455hd:-:*:*:*:*:*:*:*
audiocodesc435hd_firmware*cpe:2.3:o:audiocodes:c435hd_firmware:*:*:*:*:*:*:*:*
audiocodesc435hd-cpe:2.3:h:audiocodes:c435hd:-:*:*:*:*:*:*:*
audiocodes445hd_firmware*cpe:2.3:o:audiocodes:445hd_firmware:*:*:*:*:*:*:*:*
audiocodes445hd-cpe:2.3:h:audiocodes:445hd:-:*:*:*:*:*:*:*
audiocodes405hd_firmware*cpe:2.3:o:audiocodes:405hd_firmware:*:*:*:*:*:*:*:*
audiocodes405hd-cpe:2.3:h:audiocodes:405hd:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
audiocodes	c470hd_firmware	*	cpe:2.3:o:audiocodes:c470hd_firmware::::::::
audiocodes	c470hd	-	cpe:2.3:h:audiocodes:c470hd:-:::::::*
audiocodes	c455hd_firmware	*	cpe:2.3:o:audiocodes:c455hd_firmware::::::::
audiocodes	c455hd	-	cpe:2.3:h:audiocodes:c455hd:-:::::::*
audiocodes	c435hd_firmware	*	cpe:2.3:o:audiocodes:c435hd_firmware::::::::
audiocodes	c435hd	-	cpe:2.3:h:audiocodes:c435hd:-:::::::*
audiocodes	445hd_firmware	*	cpe:2.3:o:audiocodes:445hd_firmware::::::::
audiocodes	445hd	-	cpe:2.3:h:audiocodes:445hd:-:::::::*
audiocodes	405hd_firmware	*	cpe:2.3:o:audiocodes:405hd_firmware::::::::
audiocodes	405hd	-	cpe:2.3:h:audiocodes:405hd:-:::::::*

Rows per page:

1-10 of 121

References

packetstormsecurity.com/files/174216/AudioCodes-VoIP-Phones-Hardcoded-Key.html

seclists.org/fulldisclosure/2023/Aug/16

syss.de

www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-054.txt

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.4

Confidence

High

EPSS

0.004

Percentile

73.6%

JSON

Related for CVE-2023-22956