Search
Find a vulnerability
Search criteria
4 vulnerabilities found for c455hd_firmware by audiocodes
CVE-2023-22957 (GCVE-0-2023-22957)
Vulnerability from nvd – Published: 2023-08-11 00:00 – Updated: 2024-10-10 15:48
VLAI
Summary
An issue was discovered in libac_des3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of hard-coded cryptographic key, an attacker with access to backup or configuration files is able to decrypt encrypted values and retrieve sensitive information, e.g., the device root password.
Severity
No CVSS data available.
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| audiocodes_ltd | voip_phones |
Affected:
0 , ≤ 3.4.4.1000
(custom)
cpe:2.3:h:audiocodes_ltd:voip_phones:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:31.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://syss.de"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-052.txt"
},
{
"name": "20230815 Use of Hard-coded Cryptographic Key (CWE-321) / CVE-2023-22957",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Aug/15"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/174215/AudioCodes-VoIP-Phones-Hardcoded-Key.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:audiocodes_ltd:voip_phones:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "voip_phones",
"vendor": "audiocodes_ltd",
"versions": [
{
"lessThanOrEqual": "3.4.4.1000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22957",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T15:47:24.365479Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T15:48:38.248Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in libac_des3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of hard-coded cryptographic key, an attacker with access to backup or configuration files is able to decrypt encrypted values and retrieve sensitive information, e.g., the device root password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-17T18:07:34.420Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://syss.de"
},
{
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-052.txt"
},
{
"name": "20230815 Use of Hard-coded Cryptographic Key (CWE-321) / CVE-2023-22957",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Aug/15"
},
{
"url": "http://packetstormsecurity.com/files/174215/AudioCodes-VoIP-Phones-Hardcoded-Key.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-22957",
"datePublished": "2023-08-11T00:00:00.000Z",
"dateReserved": "2023-01-11T00:00:00.000Z",
"dateUpdated": "2024-10-10T15:48:38.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22956 (GCVE-0-2023-22956)
Vulnerability from nvd – Published: 2023-08-11 00:00 – Updated: 2024-10-10 14:28
VLAI
Summary
An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve sensitive information.
Severity
No CVSS data available.
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| audiocodes_ltd | voip_phones |
Affected:
400HD
cpe:2.3:h:audiocodes_ltd:voip_phones:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:31.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://syss.de"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-054.txt"
},
{
"name": "20230815 Use of Hard-coded Cryptographic Key (CWE-321) / CVE-2023-22956",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Aug/16"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/174216/AudioCodes-VoIP-Phones-Hardcoded-Key.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:audiocodes_ltd:voip_phones:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "voip_phones",
"vendor": "audiocodes_ltd",
"versions": [
{
"status": "affected",
"version": "400HD"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22956",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:23:15.808406Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:28:32.609Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-17T18:07:29.624Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://syss.de"
},
{
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-054.txt"
},
{
"name": "20230815 Use of Hard-coded Cryptographic Key (CWE-321) / CVE-2023-22956",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Aug/16"
},
{
"url": "http://packetstormsecurity.com/files/174216/AudioCodes-VoIP-Phones-Hardcoded-Key.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-22956",
"datePublished": "2023-08-11T00:00:00.000Z",
"dateReserved": "2023-01-11T00:00:00.000Z",
"dateUpdated": "2024-10-10T14:28:32.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22956 (GCVE-0-2023-22956)
Vulnerability from cvelistv5 – Published: 2023-08-11 00:00 – Updated: 2024-10-10 14:28
VLAI
Summary
An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve sensitive information.
Severity
No CVSS data available.
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| audiocodes_ltd | voip_phones |
Affected:
400HD
cpe:2.3:h:audiocodes_ltd:voip_phones:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:31.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://syss.de"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-054.txt"
},
{
"name": "20230815 Use of Hard-coded Cryptographic Key (CWE-321) / CVE-2023-22956",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Aug/16"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/174216/AudioCodes-VoIP-Phones-Hardcoded-Key.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:audiocodes_ltd:voip_phones:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "voip_phones",
"vendor": "audiocodes_ltd",
"versions": [
{
"status": "affected",
"version": "400HD"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22956",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:23:15.808406Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:28:32.609Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-17T18:07:29.624Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://syss.de"
},
{
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-054.txt"
},
{
"name": "20230815 Use of Hard-coded Cryptographic Key (CWE-321) / CVE-2023-22956",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Aug/16"
},
{
"url": "http://packetstormsecurity.com/files/174216/AudioCodes-VoIP-Phones-Hardcoded-Key.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-22956",
"datePublished": "2023-08-11T00:00:00.000Z",
"dateReserved": "2023-01-11T00:00:00.000Z",
"dateUpdated": "2024-10-10T14:28:32.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22957 (GCVE-0-2023-22957)
Vulnerability from cvelistv5 – Published: 2023-08-11 00:00 – Updated: 2024-10-10 15:48
VLAI
Summary
An issue was discovered in libac_des3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of hard-coded cryptographic key, an attacker with access to backup or configuration files is able to decrypt encrypted values and retrieve sensitive information, e.g., the device root password.
Severity
No CVSS data available.
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| audiocodes_ltd | voip_phones |
Affected:
0 , ≤ 3.4.4.1000
(custom)
cpe:2.3:h:audiocodes_ltd:voip_phones:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:31.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://syss.de"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-052.txt"
},
{
"name": "20230815 Use of Hard-coded Cryptographic Key (CWE-321) / CVE-2023-22957",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Aug/15"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/174215/AudioCodes-VoIP-Phones-Hardcoded-Key.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:audiocodes_ltd:voip_phones:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "voip_phones",
"vendor": "audiocodes_ltd",
"versions": [
{
"lessThanOrEqual": "3.4.4.1000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22957",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T15:47:24.365479Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T15:48:38.248Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in libac_des3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of hard-coded cryptographic key, an attacker with access to backup or configuration files is able to decrypt encrypted values and retrieve sensitive information, e.g., the device root password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-17T18:07:34.420Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://syss.de"
},
{
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-052.txt"
},
{
"name": "20230815 Use of Hard-coded Cryptographic Key (CWE-321) / CVE-2023-22957",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Aug/15"
},
{
"url": "http://packetstormsecurity.com/files/174215/AudioCodes-VoIP-Phones-Hardcoded-Key.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-22957",
"datePublished": "2023-08-11T00:00:00.000Z",
"dateReserved": "2023-01-11T00:00:00.000Z",
"dateUpdated": "2024-10-10T15:48:38.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}