Search criteria
6 vulnerabilities found for VVX 600 by Poly
CVE-2023-4465 (GCVE-0-2023-4465)
Vulnerability from cvelistv5 – Published: 2023-12-29 09:37 – Updated: 2024-08-02 07:31
VLAI?
Title
Poly VVX 601 Configuration File Import unverified password change
Summary
A vulnerability, which was classified as problematic, was found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. Affected is an unknown function of the component Configuration File Import. The manipulation of the argument device.auth.localAdminPassword leads to unverified password change. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249258 is the identifier assigned to this vulnerability.
Severity ?
CWE
- CWE-620 - Unverified Password Change
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Poly | Trio 8300 |
Affected:
n/a
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Christoph Wolff
Pascal Zenker
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:05.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.249258"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.249258"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://support.hp.com/us-en/document/ish_9929371-9929407-16/hpsbpy03899"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Configuration File Import"
],
"product": "Trio 8300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "Trio 8500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "Trio 8800",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "Trio C60",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "CCX 350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "CCX 400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "CCX 500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "CCX 505",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "CCX 600",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "CCX 700",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E100",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E220",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E320",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E450",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E550",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 101",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 150",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 201",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 250",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 301",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 310",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 311",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 401",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 410",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 411",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 450",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 501",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 600",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 601",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Christoph Wolff"
},
{
"lang": "en",
"type": "finder",
"value": "Pascal Zenker"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. Affected is an unknown function of the component Configuration File Import. The manipulation of the argument device.auth.localAdminPassword leads to unverified password change. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249258 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601 gefunden. Sie wurde als problematisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Komponente Configuration File Import. Durch das Beeinflussen des Arguments device.auth.localAdminPassword mit unbekannten Daten kann eine unverified password change-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "CWE-620 Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T16:16:20.765Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.249258"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.249258"
},
{
"tags": [
"related"
],
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"tags": [
"related"
],
"url": "https://support.hp.com/us-en/document/ish_9929371-9929407-16/hpsbpy03899"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"tags": [
"related"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-12-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-09T17:20:00.000Z",
"value": "VulDB entry last update"
}
],
"title": "Poly VVX 601 Configuration File Import unverified password change"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-4465",
"datePublished": "2023-12-29T09:37:59.607Z",
"dateReserved": "2023-08-21T17:03:52.457Z",
"dateUpdated": "2024-08-02T07:31:05.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4464 (GCVE-0-2023-4464)
Vulnerability from cvelistv5 – Published: 2023-12-29 09:37 – Updated: 2024-08-02 07:31
VLAI?
Title
Poly VVX 601 Diagnostic Telnet Mode os command injection
Summary
A vulnerability, which was classified as critical, has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. This issue affects some unknown processing of the component Diagnostic Telnet Mode. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-249257 was assigned to this vulnerability.
Severity ?
7.2 (High)
7.2 (High)
CWE
- CWE-78 - OS Command Injection
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Poly | Trio 8300 |
Affected:
n/a
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Christoph Wolff
Pascal Zenker
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:05.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.249257"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.249257"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://support.hp.com/us-en/document/ish_9931565-9931594-16/hpsbpy03898"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "Trio 8300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "Trio 8500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "Trio 8800",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "Trio C60",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "CCX 350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "CCX 400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "CCX 500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "CCX 505",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "CCX 600",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "CCX 700",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "EDGE E100",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "EDGE E220",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "EDGE E300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "EDGE E320",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "EDGE E350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "EDGE E400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "EDGE E450",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "EDGE E500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "EDGE E550",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 101",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 150",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 201",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 250",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 301",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 310",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 311",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 401",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 410",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 411",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 450",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 501",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 600",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 601",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Christoph Wolff"
},
{
"lang": "en",
"type": "finder",
"value": "Pascal Zenker"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. This issue affects some unknown processing of the component Diagnostic Telnet Mode. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-249257 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601 entdeckt. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil der Komponente Diagnostic Telnet Mode. Durch Manipulieren mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 8.3,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T16:16:18.526Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.249257"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.249257"
},
{
"tags": [
"related"
],
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"tags": [
"related"
],
"url": "https://support.hp.com/us-en/document/ish_9931565-9931594-16/hpsbpy03898"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"tags": [
"related"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-12-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-09T17:17:31.000Z",
"value": "VulDB entry last update"
}
],
"title": "Poly VVX 601 Diagnostic Telnet Mode os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-4464",
"datePublished": "2023-12-29T09:37:57.839Z",
"dateReserved": "2023-08-21T17:03:47.879Z",
"dateUpdated": "2024-08-02T07:31:05.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4462 (GCVE-0-2023-4462)
Vulnerability from cvelistv5 – Published: 2023-12-29 09:31 – Updated: 2024-08-02 07:31
VLAI?
Title
Poly VVX 601 Web Configuration Application random values
Summary
A vulnerability classified as problematic has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. This affects an unknown part of the component Web Configuration Application. The manipulation leads to insufficiently random values. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249255.
Severity ?
CWE
- CWE-330 - Insufficiently Random Values
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Poly | Trio 8300 |
Affected:
n/a
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Christoph Wolff
Pascal Zenker
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:05.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.249255"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.249255"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://support.hp.com/us-en/document/ish_9929296-9929329-16/hpsbpy03896"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Web Configuration Application"
],
"product": "Trio 8300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "Trio 8500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "Trio 8800",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "Trio C60",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "CCX 350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "CCX 400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "CCX 500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "CCX 505",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "CCX 600",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "CCX 700",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "EDGE E100",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "EDGE E220",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "EDGE E300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "EDGE E320",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "EDGE E350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "EDGE E400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "EDGE E450",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "EDGE E500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "EDGE E550",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 101",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 150",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 201",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 250",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 301",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 310",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 311",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 401",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 410",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 411",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 450",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 501",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 600",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 601",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Christoph Wolff"
},
{
"lang": "en",
"type": "finder",
"value": "Pascal Zenker"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. This affects an unknown part of the component Web Configuration Application. The manipulation leads to insufficiently random values. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249255."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601 entdeckt. Sie wurde als problematisch eingestuft. Es betrifft eine unbekannte Funktion der Komponente Web Configuration Application. Mittels Manipulieren mit unbekannten Daten kann eine insufficiently random values-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330 Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T16:16:14.573Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.249255"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.249255"
},
{
"tags": [
"related"
],
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"tags": [
"related"
],
"url": "https://support.hp.com/us-en/document/ish_9929296-9929329-16/hpsbpy03896"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"tags": [
"related"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-12-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-09T17:18:45.000Z",
"value": "VulDB entry last update"
}
],
"title": "Poly VVX 601 Web Configuration Application random values"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-4462",
"datePublished": "2023-12-29T09:31:03.494Z",
"dateReserved": "2023-08-21T17:03:39.985Z",
"dateUpdated": "2024-08-02T07:31:05.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4465 (GCVE-0-2023-4465)
Vulnerability from nvd – Published: 2023-12-29 09:37 – Updated: 2024-08-02 07:31
VLAI?
Title
Poly VVX 601 Configuration File Import unverified password change
Summary
A vulnerability, which was classified as problematic, was found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. Affected is an unknown function of the component Configuration File Import. The manipulation of the argument device.auth.localAdminPassword leads to unverified password change. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249258 is the identifier assigned to this vulnerability.
Severity ?
CWE
- CWE-620 - Unverified Password Change
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Poly | Trio 8300 |
Affected:
n/a
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Christoph Wolff
Pascal Zenker
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:05.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.249258"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.249258"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://support.hp.com/us-en/document/ish_9929371-9929407-16/hpsbpy03899"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Configuration File Import"
],
"product": "Trio 8300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "Trio 8500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "Trio 8800",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "Trio C60",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "CCX 350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "CCX 400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "CCX 500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "CCX 505",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "CCX 600",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "CCX 700",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E100",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E220",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E320",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E450",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E550",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 101",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 150",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 201",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 250",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 301",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 310",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 311",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 401",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 410",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 411",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 450",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 501",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 600",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 601",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Christoph Wolff"
},
{
"lang": "en",
"type": "finder",
"value": "Pascal Zenker"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. Affected is an unknown function of the component Configuration File Import. The manipulation of the argument device.auth.localAdminPassword leads to unverified password change. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249258 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601 gefunden. Sie wurde als problematisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Komponente Configuration File Import. Durch das Beeinflussen des Arguments device.auth.localAdminPassword mit unbekannten Daten kann eine unverified password change-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "CWE-620 Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T16:16:20.765Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.249258"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.249258"
},
{
"tags": [
"related"
],
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"tags": [
"related"
],
"url": "https://support.hp.com/us-en/document/ish_9929371-9929407-16/hpsbpy03899"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"tags": [
"related"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-12-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-09T17:20:00.000Z",
"value": "VulDB entry last update"
}
],
"title": "Poly VVX 601 Configuration File Import unverified password change"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-4465",
"datePublished": "2023-12-29T09:37:59.607Z",
"dateReserved": "2023-08-21T17:03:52.457Z",
"dateUpdated": "2024-08-02T07:31:05.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4464 (GCVE-0-2023-4464)
Vulnerability from nvd – Published: 2023-12-29 09:37 – Updated: 2024-08-02 07:31
VLAI?
Title
Poly VVX 601 Diagnostic Telnet Mode os command injection
Summary
A vulnerability, which was classified as critical, has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. This issue affects some unknown processing of the component Diagnostic Telnet Mode. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-249257 was assigned to this vulnerability.
Severity ?
7.2 (High)
7.2 (High)
CWE
- CWE-78 - OS Command Injection
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Poly | Trio 8300 |
Affected:
n/a
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Christoph Wolff
Pascal Zenker
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:05.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.249257"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.249257"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://support.hp.com/us-en/document/ish_9931565-9931594-16/hpsbpy03898"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "Trio 8300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "Trio 8500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "Trio 8800",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "Trio C60",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "CCX 350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "CCX 400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "CCX 500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "CCX 505",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "CCX 600",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "CCX 700",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "EDGE E100",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "EDGE E220",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "EDGE E300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "EDGE E320",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "EDGE E350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "EDGE E400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "EDGE E450",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "EDGE E500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "EDGE E550",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 101",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 150",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 201",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 250",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 301",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 310",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 311",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 401",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 410",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 411",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 450",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 501",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 600",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 601",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Christoph Wolff"
},
{
"lang": "en",
"type": "finder",
"value": "Pascal Zenker"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. This issue affects some unknown processing of the component Diagnostic Telnet Mode. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-249257 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601 entdeckt. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil der Komponente Diagnostic Telnet Mode. Durch Manipulieren mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 8.3,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T16:16:18.526Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.249257"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.249257"
},
{
"tags": [
"related"
],
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"tags": [
"related"
],
"url": "https://support.hp.com/us-en/document/ish_9931565-9931594-16/hpsbpy03898"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"tags": [
"related"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-12-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-09T17:17:31.000Z",
"value": "VulDB entry last update"
}
],
"title": "Poly VVX 601 Diagnostic Telnet Mode os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-4464",
"datePublished": "2023-12-29T09:37:57.839Z",
"dateReserved": "2023-08-21T17:03:47.879Z",
"dateUpdated": "2024-08-02T07:31:05.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4462 (GCVE-0-2023-4462)
Vulnerability from nvd – Published: 2023-12-29 09:31 – Updated: 2024-08-02 07:31
VLAI?
Title
Poly VVX 601 Web Configuration Application random values
Summary
A vulnerability classified as problematic has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. This affects an unknown part of the component Web Configuration Application. The manipulation leads to insufficiently random values. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249255.
Severity ?
CWE
- CWE-330 - Insufficiently Random Values
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Poly | Trio 8300 |
Affected:
n/a
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Christoph Wolff
Pascal Zenker
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:05.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.249255"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.249255"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://support.hp.com/us-en/document/ish_9929296-9929329-16/hpsbpy03896"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Web Configuration Application"
],
"product": "Trio 8300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "Trio 8500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "Trio 8800",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "Trio C60",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "CCX 350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "CCX 400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "CCX 500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "CCX 505",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "CCX 600",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "CCX 700",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "EDGE E100",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "EDGE E220",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "EDGE E300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "EDGE E320",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "EDGE E350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "EDGE E400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "EDGE E450",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "EDGE E500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "EDGE E550",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 101",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 150",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 201",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 250",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 301",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 310",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 311",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 401",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 410",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 411",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 450",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 501",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 600",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 601",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Christoph Wolff"
},
{
"lang": "en",
"type": "finder",
"value": "Pascal Zenker"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. This affects an unknown part of the component Web Configuration Application. The manipulation leads to insufficiently random values. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249255."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601 entdeckt. Sie wurde als problematisch eingestuft. Es betrifft eine unbekannte Funktion der Komponente Web Configuration Application. Mittels Manipulieren mit unbekannten Daten kann eine insufficiently random values-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330 Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T16:16:14.573Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.249255"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.249255"
},
{
"tags": [
"related"
],
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"tags": [
"related"
],
"url": "https://support.hp.com/us-en/document/ish_9929296-9929329-16/hpsbpy03896"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"tags": [
"related"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-12-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-09T17:18:45.000Z",
"value": "VulDB entry last update"
}
],
"title": "Poly VVX 601 Web Configuration Application random values"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-4462",
"datePublished": "2023-12-29T09:31:03.494Z",
"dateReserved": "2023-08-21T17:03:39.985Z",
"dateUpdated": "2024-08-02T07:31:05.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}