CVE-2023-4462 (GCVE-0-2023-4462)

Vulnerability from cvelistv5 – Published: 2023-12-29 09:31 – Updated: 2024-08-02 07:31
VLAI?
Title
Poly VVX 601 Web Configuration Application random values
Summary
A vulnerability classified as problematic has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. This affects an unknown part of the component Web Configuration Application. The manipulation leads to insufficiently random values. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249255.
Severity ?
3.7 (Low)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.7 (Low)
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE
  • CWE-330 - Insufficiently Random Values
Assigner
References
Impacted products
Vendor Product Version
Poly Trio 8300 Affected: n/a
Create a notification for this product.
    Poly Trio 8500 Affected: n/a
Create a notification for this product.
    Poly Trio 8800 Affected: n/a
Create a notification for this product.
    Poly Trio C60 Affected: n/a
Create a notification for this product.
    Poly CCX 350 Affected: n/a
Create a notification for this product.
    Poly CCX 400 Affected: n/a
Create a notification for this product.
    Poly CCX 500 Affected: n/a
Create a notification for this product.
    Poly CCX 505 Affected: n/a
Create a notification for this product.
    Poly CCX 600 Affected: n/a
Create a notification for this product.
    Poly CCX 700 Affected: n/a
Create a notification for this product.
    Poly EDGE E100 Affected: n/a
Create a notification for this product.
    Poly EDGE E220 Affected: n/a
Create a notification for this product.
    Poly EDGE E300 Affected: n/a
Create a notification for this product.
    Poly EDGE E320 Affected: n/a
Create a notification for this product.
    Poly EDGE E350 Affected: n/a
Create a notification for this product.
    Poly EDGE E400 Affected: n/a
Create a notification for this product.
    Poly EDGE E450 Affected: n/a
Create a notification for this product.
    Poly EDGE E500 Affected: n/a
Create a notification for this product.
    Poly EDGE E550 Affected: n/a
Create a notification for this product.
    Poly VVX 101 Affected: n/a
Create a notification for this product.
    Poly VVX 150 Affected: n/a
Create a notification for this product.
    Poly VVX 201 Affected: n/a
Create a notification for this product.
    Poly VVX 250 Affected: n/a
Create a notification for this product.
    Poly VVX 300 Affected: n/a
Create a notification for this product.
    Poly VVX 301 Affected: n/a
Create a notification for this product.
    Poly VVX 310 Affected: n/a
Create a notification for this product.
    Poly VVX 311 Affected: n/a
Create a notification for this product.
    Poly VVX 350 Affected: n/a
Create a notification for this product.
    Poly VVX 400 Affected: n/a
Create a notification for this product.
    Poly VVX 401 Affected: n/a
Create a notification for this product.
    Poly VVX 410 Affected: n/a
Create a notification for this product.
    Poly VVX 411 Affected: n/a
Create a notification for this product.
    Poly VVX 450 Affected: n/a
Create a notification for this product.
    Poly VVX 500 Affected: n/a
Create a notification for this product.
    Poly VVX 501 Affected: n/a
Create a notification for this product.
    Poly VVX 600 Affected: n/a
Create a notification for this product.
    Poly VVX 601 Affected: n/a
Create a notification for this product.
Credits
Christoph Wolff Pascal Zenker
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:31:05.383Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.249255"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.249255"
          },
          {
            "tags": [
              "related",
              "x_transferred"
            ],
            "url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
          },
          {
            "tags": [
              "related",
              "x_transferred"
            ],
            "url": "https://support.hp.com/us-en/document/ish_9929296-9929329-16/hpsbpy03896"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
          },
          {
            "tags": [
              "related",
              "x_transferred"
            ],
            "url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Web Configuration Application"
          ],
          "product": "Trio 8300",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Web Configuration Application"
          ],
          "product": "Trio 8500",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Web Configuration Application"
          ],
          "product": "Trio 8800",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Web Configuration Application"
          ],
          "product": "Trio C60",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Web Configuration Application"
          ],
          "product": "CCX 350",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Web Configuration Application"
          ],
          "product": "CCX 400",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Web Configuration Application"
          ],
          "product": "CCX 500",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Web Configuration Application"
          ],
          "product": "CCX 505",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Web Configuration Application"
          ],
          "product": "CCX 600",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Web Configuration Application"
          ],
          "product": "CCX 700",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Web Configuration Application"
          ],
          "product": "EDGE E100",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Web Configuration Application"
          ],
          "product": "EDGE E220",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Web Configuration Application"
          ],
          "product": "EDGE E300",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Web Configuration Application"
          ],
          "product": "EDGE E320",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Web Configuration Application"
          ],
          "product": "EDGE E350",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Web Configuration Application"
          ],
          "product": "EDGE E400",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Web Configuration Application"
          ],
          "product": "EDGE E450",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Web Configuration Application"
          ],
          "product": "EDGE E500",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Web Configuration Application"
          ],
          "product": "EDGE E550",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Web Configuration Application"
          ],
          "product": "VVX 101",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Web Configuration Application"
          ],
          "product": "VVX 150",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Web Configuration Application"
          ],
          "product": "VVX 201",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Web Configuration Application"
          ],
          "product": "VVX 250",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Web Configuration Application"
          ],
          "product": "VVX 300",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Web Configuration Application"
          ],
          "product": "VVX 301",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Web Configuration Application"
          ],
          "product": "VVX 310",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Web Configuration Application"
          ],
          "product": "VVX 311",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Web Configuration Application"
          ],
          "product": "VVX 350",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Web Configuration Application"
          ],
          "product": "VVX 400",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Web Configuration Application"
          ],
          "product": "VVX 401",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Web Configuration Application"
          ],
          "product": "VVX 410",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Web Configuration Application"
          ],
          "product": "VVX 411",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Web Configuration Application"
          ],
          "product": "VVX 450",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Web Configuration Application"
          ],
          "product": "VVX 500",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Web Configuration Application"
          ],
          "product": "VVX 501",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Web Configuration Application"
          ],
          "product": "VVX 600",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Web Configuration Application"
          ],
          "product": "VVX 601",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Christoph Wolff"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Pascal Zenker"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability classified as problematic has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. This affects an unknown part of the component Web Configuration Application. The manipulation leads to insufficiently random values. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249255."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601 entdeckt. Sie wurde als problematisch eingestuft. Es betrifft eine unbekannte Funktion der Komponente Web Configuration Application. Mittels Manipulieren mit unbekannten Daten kann eine insufficiently random values-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 2.6,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-330",
              "description": "CWE-330 Insufficiently Random Values",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-09T16:16:14.573Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.249255"
        },
        {
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.249255"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://support.hp.com/us-en/document/ish_9929296-9929329-16/hpsbpy03896"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-12-29T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2023-12-29T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-01-09T17:18:45.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Poly VVX 601 Web Configuration Application random values"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2023-4462",
    "datePublished": "2023-12-29T09:31:03.494Z",
    "dateReserved": "2023-08-21T17:03:39.985Z",
    "dateUpdated": "2024-08-02T07:31:05.383Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:poly:ccx_400_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6EF5E6E-D387-4EB1-A533-C005F76F49E0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:poly:ccx_400:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"74C09FB0-DC34-4F03-8560-B607FB8A5245\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:poly:ccx_600_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"37A9DF12-51BF-4E6A-B753-7481C95F22AD\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:poly:ccx_600:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F8D61E7-160F-4E4F-8C73-724DFF3F92C2\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:poly:trio_8800_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6307C9DD-572F-44E4-ADCD-205CC1553774\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:poly:trio_8800:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"39862A32-5AF6-41F9-9C25-9D68EB3784DC\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:poly:trio_c60_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3CC00989-4E87-48F1-9EC9-53F0AB4F445C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:poly:trio_c60:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6CDD2376-BD9D-4B5E-B776-0F627D09E025\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability classified as problematic has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. This affects an unknown part of the component Web Configuration Application. The manipulation leads to insufficiently random values. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249255.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad ha sido encontrada en Poly CCX 400, CCX 600, Trio 8800 y Trio C60 y clasificada como problem\\u00e1tica. Una parte desconocida del componente Web Configuration Application afecta a una parte desconocida. La manipulaci\\u00f3n conduce a valores insuficientemente aleatorios. Es posible iniciar el ataque de forma remota. La complejidad de un ataque es bastante alta. Se dice que la explotabilidad es dif\\u00edcil. La explotaci\\u00f3n ha sido divulgada al p\\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-249255.\"}]",
      "id": "CVE-2023-4462",
      "lastModified": "2024-11-21T08:35:12.827",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"cna@vuldb.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 3.7, \"baseSeverity\": \"LOW\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"cna@vuldb.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.6, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 4.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2023-12-29T10:15:11.100",
      "references": "[{\"url\": \"https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html\", \"source\": \"cna@vuldb.com\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices\", \"source\": \"cna@vuldb.com\"}, {\"url\": \"https://modzero.com/en/advisories/mz-23-01-poly-voip/\", \"source\": \"cna@vuldb.com\"}, {\"url\": \"https://support.hp.com/us-en/document/ish_9929296-9929329-16/hpsbpy03896\", \"source\": \"cna@vuldb.com\"}, {\"url\": \"https://vuldb.com/?ctiid.249255\", \"source\": \"cna@vuldb.com\", \"tags\": [\"Permissions Required\", \"Third Party Advisory\"]}, {\"url\": \"https://vuldb.com/?id.249255\", \"source\": \"cna@vuldb.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://modzero.com/en/blog/multiple-vulnerabilities-in-poly-products/\", \"source\": \"nvd@nist.gov\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://modzero.com/en/advisories/mz-23-01-poly-voip/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.hp.com/us-en/document/ish_9929296-9929329-16/hpsbpy03896\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://vuldb.com/?ctiid.249255\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\", \"Third Party Advisory\"]}, {\"url\": \"https://vuldb.com/?id.249255\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "cna@vuldb.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cna@vuldb.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-330\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-4462\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2023-12-29T10:15:11.100\",\"lastModified\":\"2024-11-21T08:35:12.827\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability classified as problematic has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. This affects an unknown part of the component Web Configuration Application. The manipulation leads to insufficiently random values. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249255.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad ha sido encontrada en Poly CCX 400, CCX 600, Trio 8800 y Trio C60 y clasificada como problem\u00e1tica. Una parte desconocida del componente Web Configuration Application afecta a una parte desconocida. La manipulaci\u00f3n conduce a valores insuficientemente aleatorios. Es posible iniciar el ataque de forma remota. La complejidad de un ataque es bastante alta. Se dice que la explotabilidad es dif\u00edcil. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-249255.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":3.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:N/A:N\",\"baseScore\":2.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":4.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-330\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:poly:ccx_400_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6EF5E6E-D387-4EB1-A533-C005F76F49E0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:poly:ccx_400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74C09FB0-DC34-4F03-8560-B607FB8A5245\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:poly:ccx_600_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37A9DF12-51BF-4E6A-B753-7481C95F22AD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:poly:ccx_600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F8D61E7-160F-4E4F-8C73-724DFF3F92C2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:poly:trio_8800_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6307C9DD-572F-44E4-ADCD-205CC1553774\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:poly:trio_8800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39862A32-5AF6-41F9-9C25-9D68EB3784DC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:poly:trio_c60_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CC00989-4E87-48F1-9EC9-53F0AB4F445C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:poly:trio_c60:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CDD2376-BD9D-4B5E-B776-0F627D09E025\"}]}]}],\"references\":[{\"url\":\"https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://modzero.com/en/advisories/mz-23-01-poly-voip/\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://support.hp.com/us-en/document/ish_9929296-9929329-16/hpsbpy03896\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?ctiid.249255\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\"]},{\"url\":\"https://vuldb.com/?id.249255\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://modzero.com/en/blog/multiple-vulnerabilities-in-poly-products/\",\"source\":\"nvd@nist.gov\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://modzero.com/en/advisories/mz-23-01-poly-voip/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.hp.com/us-en/document/ish_9929296-9929329-16/hpsbpy03896\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://vuldb.com/?ctiid.249255\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\"]},{\"url\":\"https://vuldb.com/?id.249255\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.