15 vulnerabilities found for ccx_600_firmware by poly
FKIE_CVE-2023-4466
Vulnerability from fkie_nvd - Published: 2023-12-29 10:15 - Updated: 2024-11-21 08:35
Severity
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Summary
A vulnerability has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation leads to protection mechanism failure. The attack can be launched remotely. The vendor explains that they do not regard this as a vulnerability as this is a feature that they offer to their customers who have a variety of environmental needs that are met through different firmware builds. To avoid potential roll-back attacks, they remove vulnerable builds from the public servers as a remediation effort. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249259.
References
| Source | URL | Tags |
|---|---|---|
| cna@vuldb.com | https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html | Not Applicable |
| cna@vuldb.com | https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices | |
| cna@vuldb.com | https://modzero.com/en/advisories/mz-23-01-poly-voip/ | |
| cna@vuldb.com | https://vuldb.com/?ctiid.249259 | Permissions Required, Third Party Advisory, VDB Entry |
| cna@vuldb.com | https://vuldb.com/?id.249259 | Third Party Advisory, VDB Entry |
| af854a3a-2127-422b-91ae-364da2661108 | https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html | Not Applicable |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices | |
| af854a3a-2127-422b-91ae-364da2661108 | https://modzero.com/en/advisories/mz-23-01-poly-voip/ | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.249259 | Permissions Required, Third Party Advisory, VDB Entry |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.249259 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| poly | ccx_400_firmware | - |
| poly | ccx_400 | - |
| poly | ccx_600_firmware | - |
| poly | ccx_600 | - |
| poly | trio_8800_firmware | - |
| poly | trio_8800 | - |
| poly | trio_c60_firmware | - |
| poly | trio_c60 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:poly:ccx_400_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6EF5E6E-D387-4EB1-A533-C005F76F49E0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:poly:ccx_400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74C09FB0-DC34-4F03-8560-B607FB8A5245",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:poly:ccx_600_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37A9DF12-51BF-4E6A-B753-7481C95F22AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:poly:ccx_600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F8D61E7-160F-4E4F-8C73-724DFF3F92C2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:poly:trio_8800_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6307C9DD-572F-44E4-ADCD-205CC1553774",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:poly:trio_8800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39862A32-5AF6-41F9-9C25-9D68EB3784DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:poly:trio_c60_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CC00989-4E87-48F1-9EC9-53F0AB4F445C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:poly:trio_c60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6CDD2376-BD9D-4B5E-B776-0F627D09E025",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation leads to protection mechanism failure. The attack can be launched remotely. The vendor explains that they do not regard this as a vulnerability as this is a feature that they offer to their customers who have a variety of environmental needs that are met through different firmware builds. To avoid potential roll-back attacks, they remove vulnerable builds from the public servers as a remediation effort. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249259."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Poly CCX 400, CCX 600, Trio 8800 y Trio C60 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del componente Web Interface es afectada por esta vulnerabilidad. La manipulaci\u00f3n provoca el fallo del mecanismo de protecci\u00f3n. El ataque se puede lanzar de forma remota. El proveedor explica que no consideran esto como una vulnerabilidad, ya que es una caracter\u00edstica que ofrecen a sus clientes que tienen una variedad de necesidades ambientales que se satisfacen a trav\u00e9s de diferentes versiones de firmware. Para evitar posibles ataques de reversi\u00f3n, eliminan las compilaciones vulnerables de los servidores p\u00fablicos como esfuerzo de remediaci\u00f3n. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-249259."
}
],
"id": "CVE-2023-4466",
"lastModified": "2024-11-21T08:35:13.580",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-29T10:15:12.470",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Not Applicable"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
},
{
"source": "cna@vuldb.com",
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"source": "cna@vuldb.com",
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.249259"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.249259"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.249259"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.249259"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-693"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-4465
Vulnerability from fkie_nvd - Published: 2023-12-29 10:15 - Updated: 2024-11-21 08:35
Severity
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
A vulnerability, which was classified as problematic, was found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. Affected is an unknown function of the component Configuration File Import. The manipulation of the argument device.auth.localAdminPassword leads to unverified password change. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249258 is the identifier assigned to this vulnerability.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| poly | ccx_400_firmware | - |
| poly | ccx_400 | - |
| poly | ccx_600_firmware | - |
| poly | ccx_600 | - |
| poly | trio_8800_firmware | - |
| poly | trio_8800 | - |
| poly | trio_c60_firmware | - |
| poly | trio_c60 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:poly:ccx_400_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6EF5E6E-D387-4EB1-A533-C005F76F49E0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:poly:ccx_400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74C09FB0-DC34-4F03-8560-B607FB8A5245",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:poly:ccx_600_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37A9DF12-51BF-4E6A-B753-7481C95F22AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:poly:ccx_600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F8D61E7-160F-4E4F-8C73-724DFF3F92C2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:poly:trio_8800_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6307C9DD-572F-44E4-ADCD-205CC1553774",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:poly:trio_8800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39862A32-5AF6-41F9-9C25-9D68EB3784DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:poly:trio_c60_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CC00989-4E87-48F1-9EC9-53F0AB4F445C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:poly:trio_c60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6CDD2376-BD9D-4B5E-B776-0F627D09E025",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. Affected is an unknown function of the component Configuration File Import. The manipulation of the argument device.auth.localAdminPassword leads to unverified password change. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249258 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad clasificada como problem\u00e1tica fue encontrada en Poly CCX 400, CCX 600, Trio 8800 y Trio C60. Una funci\u00f3n desconocida del componente Configuration File Import es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento device.auth.localAdminPassword conduce a un cambio de contrase\u00f1a no verificado. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-249258 es el identificador asignado a esta vulnerabilidad."
}
],
"id": "CVE-2023-4465",
"lastModified": "2024-11-21T08:35:13.393",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-29T10:15:12.133",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Not Applicable"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
},
{
"source": "cna@vuldb.com",
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"source": "cna@vuldb.com",
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"source": "cna@vuldb.com",
"url": "https://support.hp.com/us-en/document/ish_9929371-9929407-16/hpsbpy03899"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.249258"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.249258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.hp.com/us-en/document/ish_9929371-9929407-16/hpsbpy03899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.249258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.249258"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-620"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-4464
Vulnerability from fkie_nvd - Published: 2023-12-29 10:15 - Updated: 2024-11-21 08:35
Severity
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability, which was classified as critical, has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. This issue affects some unknown processing of the component Diagnostic Telnet Mode. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-249257 was assigned to this vulnerability.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| poly | ccx_400_firmware | - |
| poly | ccx_400 | - |
| poly | ccx_600_firmware | - |
| poly | ccx_600 | - |
| poly | trio_8800_firmware | - |
| poly | trio_8800 | - |
| poly | trio_c60_firmware | - |
| poly | trio_c60 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:poly:ccx_400_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6EF5E6E-D387-4EB1-A533-C005F76F49E0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:poly:ccx_400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74C09FB0-DC34-4F03-8560-B607FB8A5245",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:poly:ccx_600_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37A9DF12-51BF-4E6A-B753-7481C95F22AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:poly:ccx_600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F8D61E7-160F-4E4F-8C73-724DFF3F92C2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:poly:trio_8800_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6307C9DD-572F-44E4-ADCD-205CC1553774",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:poly:trio_8800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39862A32-5AF6-41F9-9C25-9D68EB3784DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:poly:trio_c60_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CC00989-4E87-48F1-9EC9-53F0AB4F445C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:poly:trio_c60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6CDD2376-BD9D-4B5E-B776-0F627D09E025",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. This issue affects some unknown processing of the component Diagnostic Telnet Mode. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-249257 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad clasificada como cr\u00edtica fue encontrada en Poly CCX 400, CCX 600, Trio 8800 y Trio C60. Este problema afecta un procesamiento desconocido del componente Diagnostic Telnet Mode. La manipulaci\u00f3n conduce a la inyecci\u00f3n de comandos del sistema operativo. El ataque puede iniciarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. Se recomienda actualizar el componente afectado. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-249257."
}
],
"id": "CVE-2023-4464",
"lastModified": "2024-11-21T08:35:13.217",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-29T10:15:11.750",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Not Applicable"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
},
{
"source": "cna@vuldb.com",
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"source": "cna@vuldb.com",
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"source": "cna@vuldb.com",
"url": "https://support.hp.com/us-en/document/ish_9931565-9931594-16/hpsbpy03898"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.249257"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.249257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.hp.com/us-en/document/ish_9931565-9931594-16/hpsbpy03898"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.249257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.249257"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-4463
Vulnerability from fkie_nvd - Published: 2023-12-29 10:15 - Updated: 2024-11-21 08:35
Severity
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249256.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| poly | ccx_400_firmware | - |
| poly | ccx_400 | - |
| poly | ccx_600_firmware | - |
| poly | ccx_600 | - |
| poly | trio_8800_firmware | - |
| poly | trio_8800 | - |
| poly | trio_c60_firmware | - |
| poly | trio_c60 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:poly:ccx_400_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6EF5E6E-D387-4EB1-A533-C005F76F49E0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:poly:ccx_400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74C09FB0-DC34-4F03-8560-B607FB8A5245",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:poly:ccx_600_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37A9DF12-51BF-4E6A-B753-7481C95F22AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:poly:ccx_600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F8D61E7-160F-4E4F-8C73-724DFF3F92C2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:poly:trio_8800_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6307C9DD-572F-44E4-ADCD-205CC1553774",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:poly:trio_8800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39862A32-5AF6-41F9-9C25-9D68EB3784DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:poly:trio_c60_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CC00989-4E87-48F1-9EC9-53F0AB4F445C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:poly:trio_c60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6CDD2376-BD9D-4B5E-B776-0F627D09E025",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249256."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Poly CCX 400, CCX 600, Trio 8800 y Trio C60 y clasificada como problem\u00e1tica. C\u00f3digo desconocido del componente HTTP Header Handler es afectado por esta vulnerabilidad. La manipulaci\u00f3n del argumento Cookie conduce a la denegaci\u00f3n de servicio. El ataque se puede iniciar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-249256."
}
],
"id": "CVE-2023-4463",
"lastModified": "2024-11-21T08:35:13.043",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-29T10:15:11.413",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Not Applicable"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
},
{
"source": "cna@vuldb.com",
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"source": "cna@vuldb.com",
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.249256"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.249256"
},
{
"source": "nvd@nist.gov",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://modzero.com/en/blog/multiple-vulnerabilities-in-poly-products/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.249256"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.249256"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-404"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-4462
Vulnerability from fkie_nvd - Published: 2023-12-29 10:15 - Updated: 2024-11-21 08:35
Severity
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability classified as problematic has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. This affects an unknown part of the component Web Configuration Application. The manipulation leads to insufficiently random values. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249255.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| poly | ccx_400_firmware | - |
| poly | ccx_400 | - |
| poly | ccx_600_firmware | - |
| poly | ccx_600 | - |
| poly | trio_8800_firmware | - |
| poly | trio_8800 | - |
| poly | trio_c60_firmware | - |
| poly | trio_c60 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:poly:ccx_400_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6EF5E6E-D387-4EB1-A533-C005F76F49E0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:poly:ccx_400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74C09FB0-DC34-4F03-8560-B607FB8A5245",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:poly:ccx_600_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37A9DF12-51BF-4E6A-B753-7481C95F22AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:poly:ccx_600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F8D61E7-160F-4E4F-8C73-724DFF3F92C2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:poly:trio_8800_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6307C9DD-572F-44E4-ADCD-205CC1553774",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:poly:trio_8800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39862A32-5AF6-41F9-9C25-9D68EB3784DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:poly:trio_c60_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CC00989-4E87-48F1-9EC9-53F0AB4F445C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:poly:trio_c60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6CDD2376-BD9D-4B5E-B776-0F627D09E025",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. This affects an unknown part of the component Web Configuration Application. The manipulation leads to insufficiently random values. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249255."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en Poly CCX 400, CCX 600, Trio 8800 y Trio C60 y clasificada como problem\u00e1tica. Una parte desconocida del componente Web Configuration Application afecta a una parte desconocida. La manipulaci\u00f3n conduce a valores insuficientemente aleatorios. Es posible iniciar el ataque de forma remota. La complejidad de un ataque es bastante alta. Se dice que la explotabilidad es dif\u00edcil. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-249255."
}
],
"id": "CVE-2023-4462",
"lastModified": "2024-11-21T08:35:12.827",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-29T10:15:11.100",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Not Applicable"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
},
{
"source": "cna@vuldb.com",
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"source": "cna@vuldb.com",
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"source": "cna@vuldb.com",
"url": "https://support.hp.com/us-en/document/ish_9929296-9929329-16/hpsbpy03896"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://vuldb.com/?ctiid.249255"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.249255"
},
{
"source": "nvd@nist.gov",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://modzero.com/en/blog/multiple-vulnerabilities-in-poly-products/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.hp.com/us-en/document/ish_9929296-9929329-16/hpsbpy03896"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://vuldb.com/?ctiid.249255"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.249255"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-330"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
CVE-2023-4466 (GCVE-0-2023-4466)
Vulnerability from cvelistv5 – Published: 2023-12-29 09:38 – Updated: 2024-08-02 07:31
Title
Poly CCX 400/CCX 600/Trio 8800/Trio C60 Web Interface protection mechanism
Summary
A vulnerability has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation leads to protection mechanism failure. The attack can be launched remotely. The vendor explains that they do not regard this as a vulnerability as this is a feature that they offer to their customers who have a variety of environmental needs that are met through different firmware builds. To avoid potential roll-back attacks, they remove vulnerable builds from the public servers as a remediation effort. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249259.
Severity
CWE
- CWE-693 - Protection Mechanism Failure
Assigner
References
Impacted products
Credits
Christoph Wolff
Pascal Zenker
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:05.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.249259"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.249259"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Web Interface"
],
"product": "CCX 400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Interface"
],
"product": "CCX 600",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Interface"
],
"product": "Trio 8800",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Interface"
],
"product": "Trio C60",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Christoph Wolff"
},
{
"lang": "en",
"type": "finder",
"value": "Pascal Zenker"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation leads to protection mechanism failure. The attack can be launched remotely. The vendor explains that they do not regard this as a vulnerability as this is a feature that they offer to their customers who have a variety of environmental needs that are met through different firmware builds. To avoid potential roll-back attacks, they remove vulnerable builds from the public servers as a remediation effort. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249259."
},
{
"lang": "de",
"value": "In Poly CCX 400, CCX 600, Trio 8800 and Trio C60 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Komponente Web Interface. Durch Beeinflussen mit unbekannten Daten kann eine protection mechanism failure-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T16:16:22.625Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.249259"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.249259"
},
{
"tags": [
"related"
],
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"tags": [
"related"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-12-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-09T17:12:50.000Z",
"value": "VulDB entry last update"
}
],
"title": "Poly CCX 400/CCX 600/Trio 8800/Trio C60 Web Interface protection mechanism"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-4466",
"datePublished": "2023-12-29T09:38:01.706Z",
"dateReserved": "2023-08-21T17:03:57.119Z",
"dateUpdated": "2024-08-02T07:31:05.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4465 (GCVE-0-2023-4465)
Vulnerability from cvelistv5 – Published: 2023-12-29 09:37 – Updated: 2024-08-02 07:31
Title
Poly VVX 601 Configuration File Import unverified password change
Summary
A vulnerability, which was classified as problematic, was found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. Affected is an unknown function of the component Configuration File Import. The manipulation of the argument device.auth.localAdminPassword leads to unverified password change. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249258 is the identifier assigned to this vulnerability.
Severity
CWE
- CWE-620 - Unverified Password Change
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Poly | Trio 8300 | Affected: n/a |
Credits
Christoph Wolff
Pascal Zenker
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:05.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.249258"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.249258"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://support.hp.com/us-en/document/ish_9929371-9929407-16/hpsbpy03899"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Configuration File Import"
],
"product": "Trio 8300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "Trio 8500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "Trio 8800",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "Trio C60",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "CCX 350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "CCX 400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "CCX 500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "CCX 505",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "CCX 600",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "CCX 700",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E100",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E220",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E320",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E450",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E550",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 101",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 150",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 201",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 250",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 301",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 310",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 311",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 401",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 410",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 411",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 450",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 501",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 600",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 601",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Christoph Wolff"
},
{
"lang": "en",
"type": "finder",
"value": "Pascal Zenker"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. Affected is an unknown function of the component Configuration File Import. The manipulation of the argument device.auth.localAdminPassword leads to unverified password change. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249258 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601 gefunden. Sie wurde als problematisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Komponente Configuration File Import. Durch das Beeinflussen des Arguments device.auth.localAdminPassword mit unbekannten Daten kann eine unverified password change-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "CWE-620 Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T16:16:20.765Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.249258"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.249258"
},
{
"tags": [
"related"
],
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"tags": [
"related"
],
"url": "https://support.hp.com/us-en/document/ish_9929371-9929407-16/hpsbpy03899"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"tags": [
"related"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-12-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-09T17:20:00.000Z",
"value": "VulDB entry last update"
}
],
"title": "Poly VVX 601 Configuration File Import unverified password change"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-4465",
"datePublished": "2023-12-29T09:37:59.607Z",
"dateReserved": "2023-08-21T17:03:52.457Z",
"dateUpdated": "2024-08-02T07:31:05.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4464 (GCVE-0-2023-4464)
Vulnerability from cvelistv5 – Published: 2023-12-29 09:37 – Updated: 2024-08-02 07:31
Title
Poly VVX 601 Diagnostic Telnet Mode os command injection
Summary
A vulnerability, which was classified as critical, has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. This issue affects some unknown processing of the component Diagnostic Telnet Mode. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-249257 was assigned to this vulnerability.
Severity
7.2 (High)
7.2 (High)
CWE
- CWE-78 - OS Command Injection
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Poly | Trio 8300 | Affected: n/a |
Credits
Christoph Wolff
Pascal Zenker
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:05.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.249257"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.249257"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://support.hp.com/us-en/document/ish_9931565-9931594-16/hpsbpy03898"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "Trio 8300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "Trio 8500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "Trio 8800",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "Trio C60",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "CCX 350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "CCX 400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "CCX 500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "CCX 505",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "CCX 600",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "CCX 700",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "EDGE E100",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "EDGE E220",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "EDGE E300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "EDGE E320",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "EDGE E350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "EDGE E400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "EDGE E450",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "EDGE E500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "EDGE E550",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 101",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 150",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 201",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 250",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 301",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 310",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 311",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 401",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 410",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 411",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 450",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 501",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 600",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 601",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Christoph Wolff"
},
{
"lang": "en",
"type": "finder",
"value": "Pascal Zenker"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. This issue affects some unknown processing of the component Diagnostic Telnet Mode. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-249257 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601 entdeckt. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil der Komponente Diagnostic Telnet Mode. Durch Manipulieren mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 8.3,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T16:16:18.526Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.249257"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.249257"
},
{
"tags": [
"related"
],
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"tags": [
"related"
],
"url": "https://support.hp.com/us-en/document/ish_9931565-9931594-16/hpsbpy03898"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"tags": [
"related"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-12-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-09T17:17:31.000Z",
"value": "VulDB entry last update"
}
],
"title": "Poly VVX 601 Diagnostic Telnet Mode os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-4464",
"datePublished": "2023-12-29T09:37:57.839Z",
"dateReserved": "2023-08-21T17:03:47.879Z",
"dateUpdated": "2024-08-02T07:31:05.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4463 (GCVE-0-2023-4463)
Vulnerability from cvelistv5 – Published: 2023-12-29 09:37 – Updated: 2024-08-02 07:31
Title
Poly CCX 400/CCX 600/Trio 8800/Trio C60 HTTP Header denial of service
Summary
A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249256.
Severity
5.3 (Medium)
5.3 (Medium)
CWE
- CWE-404 - Denial of Service
Assigner
References
Impacted products
Credits
Christoph Wolff
Pascal Zenker
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:05.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.249256"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.249256"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP Header Handler"
],
"product": "CCX 400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"HTTP Header Handler"
],
"product": "CCX 600",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"HTTP Header Handler"
],
"product": "Trio 8800",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"HTTP Header Handler"
],
"product": "Trio C60",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Christoph Wolff"
},
{
"lang": "en",
"type": "finder",
"value": "Pascal Zenker"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249256."
},
{
"lang": "de",
"value": "In Poly CCX 400, CCX 600, Trio 8800 and Trio C60 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Komponente HTTP Header Handler. Durch das Manipulieren des Arguments Cookie mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T16:16:16.427Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.249256"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.249256"
},
{
"tags": [
"related"
],
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"tags": [
"related"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-12-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-09T17:12:39.000Z",
"value": "VulDB entry last update"
}
],
"title": "Poly CCX 400/CCX 600/Trio 8800/Trio C60 HTTP Header denial of service"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-4463",
"datePublished": "2023-12-29T09:37:55.980Z",
"dateReserved": "2023-08-21T17:03:42.507Z",
"dateUpdated": "2024-08-02T07:31:05.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4462 (GCVE-0-2023-4462)
Vulnerability from cvelistv5 – Published: 2023-12-29 09:31 – Updated: 2024-08-02 07:31
Title
Poly VVX 601 Web Configuration Application random values
Summary
A vulnerability classified as problematic has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. This affects an unknown part of the component Web Configuration Application. The manipulation leads to insufficiently random values. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249255.
Severity
CWE
- CWE-330 - Insufficiently Random Values
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Poly | Trio 8300 | Affected: n/a |
Credits
Christoph Wolff
Pascal Zenker
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:05.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.249255"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.249255"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://support.hp.com/us-en/document/ish_9929296-9929329-16/hpsbpy03896"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Web Configuration Application"
],
"product": "Trio 8300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "Trio 8500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "Trio 8800",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "Trio C60",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "CCX 350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "CCX 400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "CCX 500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "CCX 505",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "CCX 600",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "CCX 700",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "EDGE E100",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "EDGE E220",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "EDGE E300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "EDGE E320",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "EDGE E350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "EDGE E400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "EDGE E450",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "EDGE E500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "EDGE E550",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 101",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 150",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 201",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 250",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 301",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 310",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 311",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 401",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 410",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 411",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 450",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 501",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 600",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 601",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Christoph Wolff"
},
{
"lang": "en",
"type": "finder",
"value": "Pascal Zenker"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. This affects an unknown part of the component Web Configuration Application. The manipulation leads to insufficiently random values. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249255."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601 entdeckt. Sie wurde als problematisch eingestuft. Es betrifft eine unbekannte Funktion der Komponente Web Configuration Application. Mittels Manipulieren mit unbekannten Daten kann eine insufficiently random values-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330 Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T16:16:14.573Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.249255"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.249255"
},
{
"tags": [
"related"
],
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"tags": [
"related"
],
"url": "https://support.hp.com/us-en/document/ish_9929296-9929329-16/hpsbpy03896"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"tags": [
"related"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-12-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-09T17:18:45.000Z",
"value": "VulDB entry last update"
}
],
"title": "Poly VVX 601 Web Configuration Application random values"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-4462",
"datePublished": "2023-12-29T09:31:03.494Z",
"dateReserved": "2023-08-21T17:03:39.985Z",
"dateUpdated": "2024-08-02T07:31:05.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4466 (GCVE-0-2023-4466)
Vulnerability from nvd – Published: 2023-12-29 09:38 – Updated: 2024-08-02 07:31
Title
Poly CCX 400/CCX 600/Trio 8800/Trio C60 Web Interface protection mechanism
Summary
A vulnerability has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation leads to protection mechanism failure. The attack can be launched remotely. The vendor explains that they do not regard this as a vulnerability as this is a feature that they offer to their customers who have a variety of environmental needs that are met through different firmware builds. To avoid potential roll-back attacks, they remove vulnerable builds from the public servers as a remediation effort. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249259.
Severity
CWE
- CWE-693 - Protection Mechanism Failure
Assigner
References
Impacted products
Credits
Christoph Wolff
Pascal Zenker
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:05.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.249259"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.249259"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Web Interface"
],
"product": "CCX 400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Interface"
],
"product": "CCX 600",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Interface"
],
"product": "Trio 8800",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Interface"
],
"product": "Trio C60",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Christoph Wolff"
},
{
"lang": "en",
"type": "finder",
"value": "Pascal Zenker"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation leads to protection mechanism failure. The attack can be launched remotely. The vendor explains that they do not regard this as a vulnerability as this is a feature that they offer to their customers who have a variety of environmental needs that are met through different firmware builds. To avoid potential roll-back attacks, they remove vulnerable builds from the public servers as a remediation effort. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249259."
},
{
"lang": "de",
"value": "In Poly CCX 400, CCX 600, Trio 8800 and Trio C60 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Komponente Web Interface. Durch Beeinflussen mit unbekannten Daten kann eine protection mechanism failure-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T16:16:22.625Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.249259"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.249259"
},
{
"tags": [
"related"
],
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"tags": [
"related"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-12-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-09T17:12:50.000Z",
"value": "VulDB entry last update"
}
],
"title": "Poly CCX 400/CCX 600/Trio 8800/Trio C60 Web Interface protection mechanism"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-4466",
"datePublished": "2023-12-29T09:38:01.706Z",
"dateReserved": "2023-08-21T17:03:57.119Z",
"dateUpdated": "2024-08-02T07:31:05.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4465 (GCVE-0-2023-4465)
Vulnerability from nvd – Published: 2023-12-29 09:37 – Updated: 2024-08-02 07:31
Title
Poly VVX 601 Configuration File Import unverified password change
Summary
A vulnerability, which was classified as problematic, was found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. Affected is an unknown function of the component Configuration File Import. The manipulation of the argument device.auth.localAdminPassword leads to unverified password change. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249258 is the identifier assigned to this vulnerability.
Severity ?
CWE
- CWE-620 - Unverified Password Change
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Poly | Trio 8300 | Affected: n/a |
Credits
Christoph Wolff
Pascal Zenker
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:05.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.249258"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.249258"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://support.hp.com/us-en/document/ish_9929371-9929407-16/hpsbpy03899"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Configuration File Import"
],
"product": "Trio 8300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "Trio 8500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "Trio 8800",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "Trio C60",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "CCX 350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "CCX 400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "CCX 500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "CCX 505",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "CCX 600",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "CCX 700",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E100",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E220",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E320",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E450",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E550",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 101",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 150",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 201",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 250",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 301",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 310",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 311",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 401",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 410",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 411",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 450",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 501",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 600",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 601",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Christoph Wolff"
},
{
"lang": "en",
"type": "finder",
"value": "Pascal Zenker"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. Affected is an unknown function of the component Configuration File Import. The manipulation of the argument device.auth.localAdminPassword leads to unverified password change. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249258 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601 gefunden. Sie wurde als problematisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Komponente Configuration File Import. Durch das Beeinflussen des Arguments device.auth.localAdminPassword mit unbekannten Daten kann eine unverified password change-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "CWE-620 Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T16:16:20.765Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.249258"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.249258"
},
{
"tags": [
"related"
],
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"tags": [
"related"
],
"url": "https://support.hp.com/us-en/document/ish_9929371-9929407-16/hpsbpy03899"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"tags": [
"related"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-12-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-09T17:20:00.000Z",
"value": "VulDB entry last update"
}
],
"title": "Poly VVX 601 Configuration File Import unverified password change"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-4465",
"datePublished": "2023-12-29T09:37:59.607Z",
"dateReserved": "2023-08-21T17:03:52.457Z",
"dateUpdated": "2024-08-02T07:31:05.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4464 (GCVE-0-2023-4464)
Vulnerability from nvd – Published: 2023-12-29 09:37 – Updated: 2024-08-02 07:31
Title
Poly VVX 601 Diagnostic Telnet Mode os command injection
Summary
A vulnerability, which was classified as critical, has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. This issue affects some unknown processing of the component Diagnostic Telnet Mode. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-249257 was assigned to this vulnerability.
Severity ?
7.2 (High)
7.2 (High)
CWE
- CWE-78 - OS Command Injection
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Poly | Trio 8300 | Affected: n/a |
Credits
Christoph Wolff
Pascal Zenker
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:05.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.249257"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.249257"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://support.hp.com/us-en/document/ish_9931565-9931594-16/hpsbpy03898"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "Trio 8300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "Trio 8500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "Trio 8800",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "Trio C60",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "CCX 350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "CCX 400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "CCX 500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "CCX 505",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "CCX 600",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "CCX 700",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "EDGE E100",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "EDGE E220",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "EDGE E300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "EDGE E320",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "EDGE E350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "EDGE E400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "EDGE E450",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "EDGE E500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "EDGE E550",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 101",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 150",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 201",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 250",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 301",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 310",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 311",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 401",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 410",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 411",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 450",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 501",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 600",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Diagnostic Telnet Mode"
],
"product": "VVX 601",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Christoph Wolff"
},
{
"lang": "en",
"type": "finder",
"value": "Pascal Zenker"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. This issue affects some unknown processing of the component Diagnostic Telnet Mode. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-249257 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601 entdeckt. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil der Komponente Diagnostic Telnet Mode. Durch Manipulieren mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 8.3,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T16:16:18.526Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.249257"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.249257"
},
{
"tags": [
"related"
],
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"tags": [
"related"
],
"url": "https://support.hp.com/us-en/document/ish_9931565-9931594-16/hpsbpy03898"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"tags": [
"related"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-12-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-09T17:17:31.000Z",
"value": "VulDB entry last update"
}
],
"title": "Poly VVX 601 Diagnostic Telnet Mode os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-4464",
"datePublished": "2023-12-29T09:37:57.839Z",
"dateReserved": "2023-08-21T17:03:47.879Z",
"dateUpdated": "2024-08-02T07:31:05.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4463 (GCVE-0-2023-4463)
Vulnerability from nvd – Published: 2023-12-29 09:37 – Updated: 2024-08-02 07:31
Title
Poly CCX 400/CCX 600/Trio 8800/Trio C60 HTTP Header denial of service
Summary
A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249256.
Severity ?
5.3 (Medium)
5.3 (Medium)
CWE
- CWE-404 - Denial of Service
Assigner
References
Impacted products
Credits
Christoph Wolff
Pascal Zenker
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:05.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.249256"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.249256"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP Header Handler"
],
"product": "CCX 400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"HTTP Header Handler"
],
"product": "CCX 600",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"HTTP Header Handler"
],
"product": "Trio 8800",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"HTTP Header Handler"
],
"product": "Trio C60",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Christoph Wolff"
},
{
"lang": "en",
"type": "finder",
"value": "Pascal Zenker"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249256."
},
{
"lang": "de",
"value": "In Poly CCX 400, CCX 600, Trio 8800 and Trio C60 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Komponente HTTP Header Handler. Durch das Manipulieren des Arguments Cookie mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T16:16:16.427Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.249256"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.249256"
},
{
"tags": [
"related"
],
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"tags": [
"related"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-12-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-09T17:12:39.000Z",
"value": "VulDB entry last update"
}
],
"title": "Poly CCX 400/CCX 600/Trio 8800/Trio C60 HTTP Header denial of service"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-4463",
"datePublished": "2023-12-29T09:37:55.980Z",
"dateReserved": "2023-08-21T17:03:42.507Z",
"dateUpdated": "2024-08-02T07:31:05.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4462 (GCVE-0-2023-4462)
Vulnerability from nvd – Published: 2023-12-29 09:31 – Updated: 2024-08-02 07:31
Title
Poly VVX 601 Web Configuration Application random values
Summary
A vulnerability classified as problematic has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. This affects an unknown part of the component Web Configuration Application. The manipulation leads to insufficiently random values. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249255.
Severity ?
CWE
- CWE-330 - Insufficiently Random Values
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Poly | Trio 8300 | Affected: n/a |
Credits
Christoph Wolff
Pascal Zenker
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:05.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.249255"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.249255"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://support.hp.com/us-en/document/ish_9929296-9929329-16/hpsbpy03896"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Web Configuration Application"
],
"product": "Trio 8300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "Trio 8500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "Trio 8800",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "Trio C60",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "CCX 350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "CCX 400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "CCX 500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "CCX 505",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "CCX 600",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "CCX 700",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "EDGE E100",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "EDGE E220",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "EDGE E300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "EDGE E320",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "EDGE E350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "EDGE E400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "EDGE E450",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "EDGE E500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "EDGE E550",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 101",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 150",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 201",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 250",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 301",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 310",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 311",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 401",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 410",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 411",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 450",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 501",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 600",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Web Configuration Application"
],
"product": "VVX 601",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Christoph Wolff"
},
{
"lang": "en",
"type": "finder",
"value": "Pascal Zenker"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. This affects an unknown part of the component Web Configuration Application. The manipulation leads to insufficiently random values. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249255."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601 entdeckt. Sie wurde als problematisch eingestuft. Es betrifft eine unbekannte Funktion der Komponente Web Configuration Application. Mittels Manipulieren mit unbekannten Daten kann eine insufficiently random values-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330 Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T16:16:14.573Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.249255"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.249255"
},
{
"tags": [
"related"
],
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"tags": [
"related"
],
"url": "https://support.hp.com/us-en/document/ish_9929296-9929329-16/hpsbpy03896"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"tags": [
"related"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-12-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-09T17:18:45.000Z",
"value": "VulDB entry last update"
}
],
"title": "Poly VVX 601 Web Configuration Application random values"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-4462",
"datePublished": "2023-12-29T09:31:03.494Z",
"dateReserved": "2023-08-21T17:03:39.985Z",
"dateUpdated": "2024-08-02T07:31:05.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}