PT-2025-47483 · Audiocodes · Audiocodes Fax Server, Auto-Attendant IVR

Pierre Barre · Published 2025-11-19 · Updated 2025-12-15 · CVE-2025-34334

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: AudioCodes Fax Server and Auto-Attendant IVR appliances, versions up to and including 2.6.23

Description: The software contains a flaw due to an authenticated command injection in the fax test functionality implemented by AudioCodes files/TestFax.php. When a fax "send" test is requested, the application constructs a faxsender command line using parameters provided by an attacker and passes it to RunBatchFile without sufficient validation or shell-argument sanitization. The resulting batch file is written to a temporary run directory and then executed by a backend service running with SYSTEM privileges. An authenticated attacker with access to the fax test interface can craft parameter values that inject additional shell commands into the generated batch file, resulting in arbitrary command execution with SYSTEM privileges. Additionally, due to overly permissive file system permissions on the location where the generated batch files are stored, a local low-privilege user on the server can modify pending batch files to achieve the same privilege escalation.

Recommendations: Versions prior to 2.6.23 should be used.
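As an added illustration of the mitigation for the first flaw (this is not AudioCodes' code; the parameter names, the faxsender switches and the executable path are assumptions), a validating wrapper that refuses any fax-test value outside a strict allowlist before a faxsender command line is ever written into a batch file:

```python
import re

# Strict allowlists for the untrusted fax-test parameters. The field names
# (fax_number, caller_id, tiff_file) are assumptions, not the appliance's real
# ones; the point is that each value is checked against a narrow pattern
# *before* it can reach a batch file that a SYSTEM service will execute.
ALLOWED = {
    "fax_number": re.compile(r"\+?[0-9]{3,20}"),
    "caller_id":  re.compile(r"[A-Za-z0-9 ._-]{1,40}"),
    "tiff_file":  re.compile(r"[A-Za-z0-9_-]{1,64}\.tiff?"),
}

# cmd.exe separators, redirections, variable expansion, quotes and line breaks.
# Any of these in a value is a reason to reject the request outright rather
# than attempt to "escape" it into a batch file.
CMD_META = re.compile(r"[&|<>^%!\"\r\n]")


class InvalidFaxParameter(ValueError):
    pass


def validate_fax_test_params(params: dict) -> dict:
    """Return a clean copy of params; raise on anything outside the allowlist."""
    unknown = set(params) - set(ALLOWED)
    if unknown:
        raise InvalidFaxParameter(f"unexpected parameters: {sorted(unknown)}")
    clean = {}
    for name, pattern in ALLOWED.items():
        value = params.get(name, "")
        if not isinstance(value, str) or CMD_META.search(value) \
                or not pattern.fullmatch(value):
            raise InvalidFaxParameter(f"rejected value for {name!r}")
        clean[name] = value
    return clean


def fax_test_request_is_safe(params: dict) -> bool:
    """Convenience predicate for callers that only need accept/reject."""
    try:
        validate_fax_test_params(params)
        return True
    except InvalidFaxParameter:
        return False


def build_faxsender_batch(params: dict, exe=r"C:\FaxServer\faxsender.exe") -> str:
    """Build the batch body from validated parameters only (exe path and
    switch names are placeholders, not the vendor's real command line)."""
    p = validate_fax_test_params(params)
    # Values are already limited to characters that cannot close the quotes
    # or separate commands, so the quoting below is defence in depth.
    return (f'@echo off\r\n"{exe}" /to "{p["fax_number"]}" '
            f'/from "{p["caller_id"]}" /file "{p["tiff_file"]}"\r\n')
```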

Exploit

Fix

LPE

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2025-34334

Affected Products

Audiocodes Fax Server
Auto-Attendant Ivr