PT-2023-18796 · Audiocodes · Audiocodes Voip Desk Phones
Matthias Deeg
+1
·
Published
2023-08-11
·
Updated
2023-08-22
·
CVE-2023-22955
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
AudioCodes VoIP desk phones versions through 3.4.4.1000
Description
An issue was discovered where the validation of firmware images only consists of simple checksum checks for different firmware components. This allows an attacker, by knowing how to calculate and where to store the required checksums for the flasher tool, to store malicious firmware.
Recommendations
For versions through 3.4.4.1000, as a temporary workaround, consider restricting access to the flasher tool until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Insufficient Verification of Data Authenticity
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Audiocodes Voip Desk Phones