Description
An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of firmware images only consists of simple checksum checks for different firmware components. Thus, by knowing how to calculate and where to store the required checksums for the flasher tool, an attacker is able to store malicious firmware.
References
- Third Party Advisory, VDB Entry
- Mailing List, Third Party Advisory
- Not Applicable
- Exploit, Vendor Advisory
Vulnerable configurations
Configuration 1: versions up to 3.4.4.1000 (inclusive)
Together
cpe:2.3:o:audiocodes:445hd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:audiocodes:445hd:-:*:*:*:*:*:*:*
Configuration 2: versions up to 3.4.4.1000 (inclusive)
Together
cpe:2.3:o:audiocodes:405hd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:audiocodes:405hd:-:*:*:*:*:*:*:*
Configuration 3: versions up to 3.4.4.1000 (inclusive)
Together
cpe:2.3:o:audiocodes:c450hd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:audiocodes:c450hd:-:*:*:*:*:*:*:*
EPSS
Percentile: 21%
0.00066
Low
7.8 High
CVSS3
Weaknesses
CWE-345
Related vulnerabilities
CVSS3: 7.8
github
more than 2 years ago
An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of firmware images only consists of simple checksum checks for different firmware components. Thus, by knowing how to calculate and where to store the required checksums for the flasher tool, an attacker is able to store malicious firmware.