A vulnerability was found in Poly Trio 8800 7.2.6.0019 and classified as critical. Affected by this issue is some unknown functionality of the component Test Automation Mode. The manipulation leads to backdoor. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249260.
References
Link | Resource |
---|---|
https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html | Not Applicable |
https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices | |
https://modzero.com/en/advisories/mz-23-01-poly-voip/ | |
https://vuldb.com/?ctiid.249260 | Permissions Required Third Party Advisory VDB Entry |
https://vuldb.com/?id.249260 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
History
09 Jan 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
05 Jan 2024, 17:34
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 6.6 |
References | () https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html - Not Applicable | |
References | () https://modzero.com/en/advisories/mz-23-01-poly-voip-devices/ - Broken Link | |
References | () https://vuldb.com/?ctiid.249260 - Permissions Required, Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?id.249260 - Third Party Advisory, VDB Entry | |
First Time |
Poly trio 8800 Firmware
Poly Poly trio 8800 |
|
CPE | cpe:2.3:o:poly:trio_8800_firmware:7.2.6.0019:*:*:*:*:*:*:* cpe:2.3:h:poly:trio_8800:-:*:*:*:*:*:*:* |
29 Dec 2023, 13:56
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
29 Dec 2023, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-29 10:15
Updated : 2024-04-11 01:22
NVD link : CVE-2023-4467
Mitre link : CVE-2023-4467
CVE.ORG link : CVE-2023-4467
JSON object : View
Products Affected
poly
- trio_8800_firmware
- trio_8800
CWE
CWE-912
Hidden Functionality