CVE-2023-4465 (GCVE-0-2023-4465)

Vulnerability from cvelistv5 – Published: 2023-12-29 09:37 – Updated: 2024-08-02 07:31
VLAI?
Title
Poly VVX 601 Configuration File Import unverified password change
Summary
A vulnerability, which was classified as problematic, was found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. Affected is an unknown function of the component Configuration File Import. The manipulation of the argument device.auth.localAdminPassword leads to unverified password change. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249258 is the identifier assigned to this vulnerability.
Severity ?
2.7 (Low)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
2.7 (Low)
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
CWE
  • CWE-620 - Unverified Password Change
Assigner
References
Impacted products
Vendor Product Version
Poly Trio 8300 Affected: n/a
Create a notification for this product.
    Poly Trio 8500 Affected: n/a
Create a notification for this product.
    Poly Trio 8800 Affected: n/a
Create a notification for this product.
    Poly Trio C60 Affected: n/a
Create a notification for this product.
    Poly CCX 350 Affected: n/a
Create a notification for this product.
    Poly CCX 400 Affected: n/a
Create a notification for this product.
    Poly CCX 500 Affected: n/a
Create a notification for this product.
    Poly CCX 505 Affected: n/a
Create a notification for this product.
    Poly CCX 600 Affected: n/a
Create a notification for this product.
    Poly CCX 700 Affected: n/a
Create a notification for this product.
    Poly EDGE E100 Affected: n/a
Create a notification for this product.
    Poly EDGE E220 Affected: n/a
Create a notification for this product.
    Poly EDGE E300 Affected: n/a
Create a notification for this product.
    Poly EDGE E320 Affected: n/a
Create a notification for this product.
    Poly EDGE E350 Affected: n/a
Create a notification for this product.
    Poly EDGE E400 Affected: n/a
Create a notification for this product.
    Poly EDGE E450 Affected: n/a
Create a notification for this product.
    Poly EDGE E500 Affected: n/a
Create a notification for this product.
    Poly EDGE E550 Affected: n/a
Create a notification for this product.
    Poly VVX 101 Affected: n/a
Create a notification for this product.
    Poly VVX 150 Affected: n/a
Create a notification for this product.
    Poly VVX 201 Affected: n/a
Create a notification for this product.
    Poly VVX 250 Affected: n/a
Create a notification for this product.
    Poly VVX 300 Affected: n/a
Create a notification for this product.
    Poly VVX 301 Affected: n/a
Create a notification for this product.
    Poly VVX 310 Affected: n/a
Create a notification for this product.
    Poly VVX 311 Affected: n/a
Create a notification for this product.
    Poly VVX 350 Affected: n/a
Create a notification for this product.
    Poly VVX 400 Affected: n/a
Create a notification for this product.
    Poly VVX 401 Affected: n/a
Create a notification for this product.
    Poly VVX 410 Affected: n/a
Create a notification for this product.
    Poly VVX 411 Affected: n/a
Create a notification for this product.
    Poly VVX 450 Affected: n/a
Create a notification for this product.
    Poly VVX 500 Affected: n/a
Create a notification for this product.
    Poly VVX 501 Affected: n/a
Create a notification for this product.
    Poly VVX 600 Affected: n/a
Create a notification for this product.
    Poly VVX 601 Affected: n/a
Create a notification for this product.
Credits
Christoph Wolff Pascal Zenker
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:31:05.490Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.249258"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.249258"
          },
          {
            "tags": [
              "related",
              "x_transferred"
            ],
            "url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
          },
          {
            "tags": [
              "related",
              "x_transferred"
            ],
            "url": "https://support.hp.com/us-en/document/ish_9929371-9929407-16/hpsbpy03899"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
          },
          {
            "tags": [
              "related",
              "x_transferred"
            ],
            "url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Configuration File Import"
          ],
          "product": "Trio 8300",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Configuration File Import"
          ],
          "product": "Trio 8500",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Configuration File Import"
          ],
          "product": "Trio 8800",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Configuration File Import"
          ],
          "product": "Trio C60",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Configuration File Import"
          ],
          "product": "CCX 350",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Configuration File Import"
          ],
          "product": "CCX 400",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Configuration File Import"
          ],
          "product": "CCX 500",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Configuration File Import"
          ],
          "product": "CCX 505",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Configuration File Import"
          ],
          "product": "CCX 600",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Configuration File Import"
          ],
          "product": "CCX 700",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Configuration File Import"
          ],
          "product": "EDGE E100",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Configuration File Import"
          ],
          "product": "EDGE E220",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Configuration File Import"
          ],
          "product": "EDGE E300",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Configuration File Import"
          ],
          "product": "EDGE E320",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Configuration File Import"
          ],
          "product": "EDGE E350",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Configuration File Import"
          ],
          "product": "EDGE E400",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Configuration File Import"
          ],
          "product": "EDGE E450",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Configuration File Import"
          ],
          "product": "EDGE E500",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Configuration File Import"
          ],
          "product": "EDGE E550",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Configuration File Import"
          ],
          "product": "VVX 101",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Configuration File Import"
          ],
          "product": "VVX 150",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Configuration File Import"
          ],
          "product": "VVX 201",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Configuration File Import"
          ],
          "product": "VVX 250",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Configuration File Import"
          ],
          "product": "VVX 300",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Configuration File Import"
          ],
          "product": "VVX 301",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Configuration File Import"
          ],
          "product": "VVX 310",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Configuration File Import"
          ],
          "product": "VVX 311",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Configuration File Import"
          ],
          "product": "VVX 350",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Configuration File Import"
          ],
          "product": "VVX 400",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Configuration File Import"
          ],
          "product": "VVX 401",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Configuration File Import"
          ],
          "product": "VVX 410",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Configuration File Import"
          ],
          "product": "VVX 411",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Configuration File Import"
          ],
          "product": "VVX 450",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Configuration File Import"
          ],
          "product": "VVX 500",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Configuration File Import"
          ],
          "product": "VVX 501",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Configuration File Import"
          ],
          "product": "VVX 600",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Configuration File Import"
          ],
          "product": "VVX 601",
          "vendor": "Poly",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Christoph Wolff"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Pascal Zenker"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability, which was classified as problematic, was found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. Affected is an unknown function of the component Configuration File Import. The manipulation of the argument device.auth.localAdminPassword leads to unverified password change. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249258 is the identifier assigned to this vulnerability."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601 gefunden. Sie wurde als problematisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Komponente Configuration File Import. Durch das Beeinflussen des Arguments device.auth.localAdminPassword mit unbekannten Daten kann eine unverified password change-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 3.3,
            "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-620",
              "description": "CWE-620 Unverified Password Change",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-09T16:16:20.765Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.249258"
        },
        {
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.249258"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://support.hp.com/us-en/document/ish_9929371-9929407-16/hpsbpy03899"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-12-29T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2023-12-29T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-01-09T17:20:00.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Poly VVX 601 Configuration File Import unverified password change"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2023-4465",
    "datePublished": "2023-12-29T09:37:59.607Z",
    "dateReserved": "2023-08-21T17:03:52.457Z",
    "dateUpdated": "2024-08-02T07:31:05.490Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:poly:ccx_400_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6EF5E6E-D387-4EB1-A533-C005F76F49E0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:poly:ccx_400:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"74C09FB0-DC34-4F03-8560-B607FB8A5245\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:poly:ccx_600_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"37A9DF12-51BF-4E6A-B753-7481C95F22AD\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:poly:ccx_600:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F8D61E7-160F-4E4F-8C73-724DFF3F92C2\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:poly:trio_8800_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6307C9DD-572F-44E4-ADCD-205CC1553774\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:poly:trio_8800:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"39862A32-5AF6-41F9-9C25-9D68EB3784DC\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:poly:trio_c60_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3CC00989-4E87-48F1-9EC9-53F0AB4F445C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:poly:trio_c60:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6CDD2376-BD9D-4B5E-B776-0F627D09E025\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability, which was classified as problematic, was found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. Affected is an unknown function of the component Configuration File Import. The manipulation of the argument device.auth.localAdminPassword leads to unverified password change. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249258 is the identifier assigned to this vulnerability.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad clasificada como problem\\u00e1tica fue encontrada en Poly CCX 400, CCX 600, Trio 8800 y Trio C60. Una funci\\u00f3n desconocida del componente Configuration File Import es afectada por esta vulnerabilidad. La manipulaci\\u00f3n del argumento device.auth.localAdminPassword conduce a un cambio de contrase\\u00f1a no verificado. Es posible lanzar el ataque de forma remota. La explotaci\\u00f3n ha sido divulgada al p\\u00fablico y puede utilizarse. VDB-249258 es el identificador asignado a esta vulnerabilidad.\"}]",
      "id": "CVE-2023-4465",
      "lastModified": "2024-11-21T08:35:13.393",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"cna@vuldb.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N\", \"baseScore\": 2.7, \"baseSeverity\": \"LOW\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"cna@vuldb.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:M/C:N/I:P/A:N\", \"baseScore\": 3.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"MULTIPLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.4, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2023-12-29T10:15:12.133",
      "references": "[{\"url\": \"https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html\", \"source\": \"cna@vuldb.com\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices\", \"source\": \"cna@vuldb.com\"}, {\"url\": \"https://modzero.com/en/advisories/mz-23-01-poly-voip/\", \"source\": \"cna@vuldb.com\"}, {\"url\": \"https://support.hp.com/us-en/document/ish_9929371-9929407-16/hpsbpy03899\", \"source\": \"cna@vuldb.com\"}, {\"url\": \"https://vuldb.com/?ctiid.249258\", \"source\": \"cna@vuldb.com\", \"tags\": [\"Permissions Required\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://vuldb.com/?id.249258\", \"source\": \"cna@vuldb.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://modzero.com/en/advisories/mz-23-01-poly-voip/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.hp.com/us-en/document/ish_9929371-9929407-16/hpsbpy03899\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://vuldb.com/?ctiid.249258\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://vuldb.com/?id.249258\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "cna@vuldb.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cna@vuldb.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-620\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-4465\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2023-12-29T10:15:12.133\",\"lastModified\":\"2024-11-21T08:35:13.393\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability, which was classified as problematic, was found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. Affected is an unknown function of the component Configuration File Import. The manipulation of the argument device.auth.localAdminPassword leads to unverified password change. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249258 is the identifier assigned to this vulnerability.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad clasificada como problem\u00e1tica fue encontrada en Poly CCX 400, CCX 600, Trio 8800 y Trio C60. Una funci\u00f3n desconocida del componente Configuration File Import es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento device.auth.localAdminPassword conduce a un cambio de contrase\u00f1a no verificado. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-249258 es el identificador asignado a esta vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":2.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:M/C:N/I:P/A:N\",\"baseScore\":3.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"MULTIPLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.4,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-620\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:poly:ccx_400_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6EF5E6E-D387-4EB1-A533-C005F76F49E0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:poly:ccx_400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74C09FB0-DC34-4F03-8560-B607FB8A5245\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:poly:ccx_600_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37A9DF12-51BF-4E6A-B753-7481C95F22AD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:poly:ccx_600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F8D61E7-160F-4E4F-8C73-724DFF3F92C2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:poly:trio_8800_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6307C9DD-572F-44E4-ADCD-205CC1553774\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:poly:trio_8800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39862A32-5AF6-41F9-9C25-9D68EB3784DC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:poly:trio_c60_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CC00989-4E87-48F1-9EC9-53F0AB4F445C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:poly:trio_c60:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CDD2376-BD9D-4B5E-B776-0F627D09E025\"}]}]}],\"references\":[{\"url\":\"https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://modzero.com/en/advisories/mz-23-01-poly-voip/\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://support.hp.com/us-en/document/ish_9929371-9929407-16/hpsbpy03899\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?ctiid.249258\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/?id.249258\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://modzero.com/en/advisories/mz-23-01-poly-voip/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.hp.com/us-en/document/ish_9929371-9929407-16/hpsbpy03899\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://vuldb.com/?ctiid.249258\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/?id.249258\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.