An issue was discovered in libac_des3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of hard-coded cryptographic key, an attacker with access to backup or configuration files is able to decrypt encrypted values and retrieve sensitive information, e.g., the device root password.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/174215/AudioCodes-VoIP-Phones-Hardcoded-Key.html | Exploit Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2023/Aug/15 | Exploit Mailing List Third Party Advisory |
https://syss.de | Not Applicable |
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-052.txt | Exploit Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
History
22 Aug 2023, 16:45
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-052.txt - Exploit, Vendor Advisory | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2023/Aug/15 - Exploit, Mailing List, Third Party Advisory | |
References | (MISC) https://syss.de - Not Applicable | |
References | (MISC) http://packetstormsecurity.com/files/174215/AudioCodes-VoIP-Phones-Hardcoded-Key.html - Exploit, Third Party Advisory, VDB Entry | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CPE | cpe:2.3:o:audiocodes:c470hd_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:audiocodes:c450hd:-:*:*:*:*:*:*:* cpe:2.3:o:audiocodes:c455hd_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:audiocodes:405hd:-:*:*:*:*:*:*:* cpe:2.3:o:audiocodes:405hd_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:audiocodes:c450hd_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:audiocodes:c455hd:-:*:*:*:*:*:*:* cpe:2.3:h:audiocodes:445hd:-:*:*:*:*:*:*:* cpe:2.3:h:audiocodes:c470hd:-:*:*:*:*:*:*:* cpe:2.3:h:audiocodes:c435hd:-:*:*:*:*:*:*:* cpe:2.3:o:audiocodes:c435hd_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:audiocodes:445hd_firmware:*:*:*:*:*:*:*:* |
|
First Time |
Audiocodes c435hd Firmware
Audiocodes 445hd Firmware Audiocodes c470hd Firmware Audiocodes c450hd Firmware Audiocodes c470hd Audiocodes c455hd Firmware Audiocodes 405hd Firmware Audiocodes c435hd Audiocodes c450hd Audiocodes c455hd Audiocodes 405hd Audiocodes 445hd Audiocodes |
|
CWE | CWE-798 |
17 Aug 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Aug 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Aug 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-11 20:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-22957
Mitre link : CVE-2023-22957
CVE.ORG link : CVE-2023-22957
JSON object : View
Products Affected
audiocodes
- c435hd_firmware
- c455hd_firmware
- c470hd
- c435hd
- 445hd_firmware
- 405hd
- c450hd
- c455hd
- 445hd
- 405hd_firmware
- c450hd_firmware
- c470hd_firmware
CWE
CWE-798
Use of Hard-coded Credentials