An issue was discovered in libac_des3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of hard-coded cryptographic key, an attacker with access to backup or configuration files is able to decrypt encrypted values and retrieve sensitive information, e.g., the device root password.
History

Fri, 11 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Audiocodes Ltd
Audiocodes Ltd voip Phones
CPEs cpe:2.3:h:audiocodes_ltd:voip_phones:*:*:*:*:*:*:*:*
Vendors & Products Audiocodes Ltd
Audiocodes Ltd voip Phones
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-08-11T00:00:00

Updated: 2024-10-10T15:48:38.248Z

Reserved: 2023-01-11T00:00:00

Link: CVE-2023-22957

cve-icon Vulnrichment

Updated: 2024-08-02T10:20:31.404Z

cve-icon NVD

Status : Modified

Published: 2023-08-11T20:15:14.787

Modified: 2024-11-21T07:45:43.357

Link: CVE-2023-22957

cve-icon Redhat

No data.