← Back

CVE-2023-22955

nvd nist
Published: Aug 11, 2023Modified: Apr 17, 2025

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of firmware images only consists of simple checksum checks for different firmware components. Thus, by knowing how to calculate and where to store the required checksums for the flasher tool, an attacker is able to store malicious firmware.

Affected (3)

Audiocodes
3 products
445hd Firmware
405hd Firmware
C450hd Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
445hd Firmware
Up to 3.4.4.1000
Running on/withPlatform Versions
Audiocodes
445hd
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
405hd Firmware
Up to 3.4.4.1000
Running on/withPlatform Versions
Audiocodes
405hd
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
C450hd Firmware
Up to 3.4.4.1000
Running on/withPlatform Versions
Audiocodes
C450hd
All versions

Related CWEs

CWE-345
Insufficient Verification of Data Authenticity
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

References (8)

Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Not Applicable
Source: cve@mitre.org
ExploitVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitVendor Advisory

Timeline

No history available yet.