PT-2023-18798 · Audiocodes · Audiocodes Voip Desk Phones
Moritz Abrell
·
Publicado
2023-08-11
·
Atualizado
2023-08-22
·
CVE-2023-22957
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
AudioCodes VoIP desk phones versions 3.4.4.1000 and earlier
Description
An issue was discovered in libac des3.so due to the use of a hard-coded cryptographic key. This allows an attacker with access to backup or configuration files to decrypt encrypted values and retrieve sensitive information, such as the device root password.
Recommendations
For versions 3.4.4.1000 and earlier, consider disabling access to backup or configuration files until a patch is available to prevent exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Using Hardcoded Credentials
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Audiocodes Voip Desk Phones