A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249256.
References
Link | Resource |
---|---|
https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html | Not Applicable |
https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices | |
https://modzero.com/en/advisories/mz-23-01-poly-voip/ | |
https://modzero.com/en/blog/multiple-vulnerabilities-in-poly-products/ | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.249256 | Permissions Required |
https://vuldb.com/?id.249256 | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
History
09 Jan 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
05 Jan 2024, 22:23
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | () https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html - Not Applicable | |
References | () https://modzero.com/en/advisories/mz-23-01-poly-voip-devices/ - Broken Link | |
References | () https://vuldb.com/?ctiid.249256 - Permissions Required | |
References | () https://vuldb.com/?id.249256 - Third Party Advisory | |
CPE | cpe:2.3:h:poly:trio_8800:-:*:*:*:*:*:*:* cpe:2.3:h:poly:trio_c60:-:*:*:*:*:*:*:* cpe:2.3:o:poly:ccx_400_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:poly:trio_8800_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:poly:ccx_600_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:poly:ccx_600:-:*:*:*:*:*:*:* cpe:2.3:h:poly:ccx_400:-:*:*:*:*:*:*:* cpe:2.3:o:poly:trio_c60_firmware:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
First Time |
Poly ccx 600 Firmware
Poly trio C60 Firmware Poly ccx 400 Poly trio 8800 Poly ccx 400 Firmware Poly trio C60 Poly trio 8800 Firmware Poly Poly ccx 600 |
29 Dec 2023, 13:56
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
29 Dec 2023, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-29 10:15
Updated : 2024-04-11 01:22
NVD link : CVE-2023-4463
Mitre link : CVE-2023-4463
CVE.ORG link : CVE-2023-4463
JSON object : View
Products Affected
poly
- ccx_400
- trio_c60
- ccx_600_firmware
- trio_8800
- ccx_600
- ccx_400_firmware
- trio_8800_firmware
- trio_c60_firmware
CWE
CWE-404
Improper Resource Shutdown or Release