An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of firmware images only consists of simple checksum checks for different firmware components. Thus, by knowing how to calculate and where to store the required checksums for the flasher tool, an attacker is able to store malicious firmware.
History

Thu, 10 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Audiocodes Ltd
Audiocodes Ltd voip Phones
CPEs cpe:2.3:h:audiocodes_ltd:voip_phones:*:*:*:*:*:*:*:*
Vendors & Products Audiocodes Ltd
Audiocodes Ltd voip Phones
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-08-11T00:00:00

Updated: 2024-10-10T14:32:58.889Z

Reserved: 2023-01-11T00:00:00

Link: CVE-2023-22955

cve-icon Vulnrichment

Updated: 2024-08-02T10:20:31.435Z

cve-icon NVD

Status : Modified

Published: 2023-08-11T20:15:14.607

Modified: 2024-11-21T07:45:43.033

Link: CVE-2023-22955

cve-icon Redhat

No data.