Описание
AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business.
Ссылки
- Third Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- ExploitThird Party Advisory
- Third Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.1.2.89 (включая)
Одновременно
cpe:2.3:o:audiocodes:440hd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:audiocodes:440hd:-:*:*:*:*:*:*:*
Конфигурация 2Версия до 3.1.2.89 (включая)
Одновременно
cpe:2.3:o:audiocodes:450hd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:audiocodes:450hd:-:*:*:*:*:*:*:*
EPSS
Процентиль: 71%
0.00694
Низкий
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-295
Связанные уязвимости
CVSS3: 5.9
github
больше 3 лет назад
AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business.
EPSS
Процентиль: 71%
0.00694
Низкий
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-295