Lucene search

MitreCVE-2023-22957

HistoryAug 11, 2023 - 8:15 p.m.

CVE-2023-22957

2023-08-1120:15:14

CWE-798

mitre

web.nvd.nist.gov

cve-2023-22957

audiocodes

voip

desk phones

cryptographic key

sensitive information

nvd

vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.003

Percentile

72.1%

JSON

An issue was discovered in libac_des3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of hard-coded cryptographic key, an attacker with access to backup or configuration files is able to decrypt encrypted values and retrieve sensitive information, e.g., the device root password.

Affected configurations

Nvd

Node

audiocodesc470hdMatch-

AND

audiocodesc470hd_firmwareRange≤3.4.4.1000

Node

audiocodesc455hdMatch-

AND

audiocodesc455hd_firmwareRange≤3.4.4.1000

Node

audiocodesc435hdMatch-

AND

audiocodesc435hd_firmwareRange≤3.4.4.1000

Node

audiocodes445hdMatch-

AND

audiocodes445hd_firmwareRange≤3.4.4.1000

Node

audiocodes405hdMatch-

AND

audiocodes405hd_firmwareRange≤3.4.4.1000

Node

audiocodesc450hdMatch-

AND

audiocodesc450hd_firmwareRange≤3.4.4.1000

VendorProductVersionCPE
audiocodesc470hd-cpe:2.3:h:audiocodes:c470hd:-:*:*:*:*:*:*:*
audiocodesc470hd_firmware*cpe:2.3:o:audiocodes:c470hd_firmware:*:*:*:*:*:*:*:*
audiocodesc455hd-cpe:2.3:h:audiocodes:c455hd:-:*:*:*:*:*:*:*
audiocodesc455hd_firmware*cpe:2.3:o:audiocodes:c455hd_firmware:*:*:*:*:*:*:*:*
audiocodesc435hd-cpe:2.3:h:audiocodes:c435hd:-:*:*:*:*:*:*:*
audiocodesc435hd_firmware*cpe:2.3:o:audiocodes:c435hd_firmware:*:*:*:*:*:*:*:*
audiocodes445hd-cpe:2.3:h:audiocodes:445hd:-:*:*:*:*:*:*:*
audiocodes445hd_firmware*cpe:2.3:o:audiocodes:445hd_firmware:*:*:*:*:*:*:*:*
audiocodes405hd-cpe:2.3:h:audiocodes:405hd:-:*:*:*:*:*:*:*
audiocodes405hd_firmware*cpe:2.3:o:audiocodes:405hd_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
audiocodes	c470hd	-	cpe:2.3:h:audiocodes:c470hd:-:::::::*
audiocodes	c470hd_firmware	*	cpe:2.3:o:audiocodes:c470hd_firmware::::::::
audiocodes	c455hd	-	cpe:2.3:h:audiocodes:c455hd:-:::::::*
audiocodes	c455hd_firmware	*	cpe:2.3:o:audiocodes:c455hd_firmware::::::::
audiocodes	c435hd	-	cpe:2.3:h:audiocodes:c435hd:-:::::::*
audiocodes	c435hd_firmware	*	cpe:2.3:o:audiocodes:c435hd_firmware::::::::
audiocodes	445hd	-	cpe:2.3:h:audiocodes:445hd:-:::::::*
audiocodes	445hd_firmware	*	cpe:2.3:o:audiocodes:445hd_firmware::::::::
audiocodes	405hd	-	cpe:2.3:h:audiocodes:405hd:-:::::::*
audiocodes	405hd_firmware	*	cpe:2.3:o:audiocodes:405hd_firmware::::::::

Rows per page:

1-10 of 121

References

packetstormsecurity.com/files/174215/AudioCodes-VoIP-Phones-Hardcoded-Key.html

seclists.org/fulldisclosure/2023/Aug/15

syss.de

www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-052.txt

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.003

Percentile

72.1%

JSON

Related for CVE-2023-22957