An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve sensitive information.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/174216/AudioCodes-VoIP-Phones-Hardcoded-Key.html | Exploit Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2023/Aug/16 | Mailing List Third Party Advisory |
https://syss.de | Not Applicable |
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-054.txt | Exploit Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
History
22 Aug 2023, 17:09
Type | Values Removed | Values Added |
---|---|---|
First Time |
Audiocodes c435hd Firmware
Audiocodes 445hd Firmware Audiocodes c470hd Firmware Audiocodes c450hd Firmware Audiocodes c470hd Audiocodes c455hd Firmware Audiocodes 405hd Firmware Audiocodes c435hd Audiocodes c450hd Audiocodes c455hd Audiocodes 405hd Audiocodes 445hd Audiocodes |
|
CWE | CWE-798 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CPE | cpe:2.3:o:audiocodes:c470hd_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:audiocodes:c450hd:-:*:*:*:*:*:*:* cpe:2.3:o:audiocodes:c455hd_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:audiocodes:405hd:-:*:*:*:*:*:*:* cpe:2.3:o:audiocodes:405hd_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:audiocodes:c450hd_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:audiocodes:c455hd:-:*:*:*:*:*:*:* cpe:2.3:h:audiocodes:445hd:-:*:*:*:*:*:*:* cpe:2.3:h:audiocodes:c470hd:-:*:*:*:*:*:*:* cpe:2.3:h:audiocodes:c435hd:-:*:*:*:*:*:*:* cpe:2.3:o:audiocodes:c435hd_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:audiocodes:445hd_firmware:*:*:*:*:*:*:*:* |
|
References | (MISC) https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-054.txt - Exploit, Vendor Advisory | |
References | (MISC) http://packetstormsecurity.com/files/174216/AudioCodes-VoIP-Phones-Hardcoded-Key.html - Exploit, Third Party Advisory, VDB Entry | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2023/Aug/16 - Mailing List, Third Party Advisory | |
References | (MISC) https://syss.de - Not Applicable |
17 Aug 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Aug 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Aug 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-11 20:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-22956
Mitre link : CVE-2023-22956
CVE.ORG link : CVE-2023-22956
JSON object : View
Products Affected
audiocodes
- 405hd
- c450hd_firmware
- c435hd_firmware
- 405hd_firmware
- 445hd
- c470hd
- c435hd
- 445hd_firmware
- c455hd
- c450hd
- c455hd_firmware
- c470hd_firmware
CWE
CWE-798
Use of Hard-coded Credentials