Описание
An issue was discovered in libac_des3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of hard-coded cryptographic key, an attacker with access to backup or configuration files is able to decrypt encrypted values and retrieve sensitive information, e.g., the device root password.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- Not Applicable
- ExploitVendor Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- Not Applicable
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.4.4.1000 (включая)
Одновременно
cpe:2.3:o:audiocodes:c470hd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:audiocodes:c470hd:-:*:*:*:*:*:*:*
Конфигурация 2Версия до 3.4.4.1000 (включая)
Одновременно
cpe:2.3:o:audiocodes:c455hd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:audiocodes:c455hd:-:*:*:*:*:*:*:*
Конфигурация 3Версия до 3.4.4.1000 (включая)
Одновременно
cpe:2.3:o:audiocodes:c435hd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:audiocodes:c435hd:-:*:*:*:*:*:*:*
Конфигурация 4Версия до 3.4.4.1000 (включая)
Одновременно
cpe:2.3:o:audiocodes:445hd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:audiocodes:445hd:-:*:*:*:*:*:*:*
Конфигурация 5Версия до 3.4.4.1000 (включая)
Одновременно
cpe:2.3:o:audiocodes:405hd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:audiocodes:405hd:-:*:*:*:*:*:*:*
Конфигурация 6Версия до 3.4.4.1000 (включая)
Одновременно
cpe:2.3:o:audiocodes:c450hd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:audiocodes:c450hd:-:*:*:*:*:*:*:*
EPSS
Процентиль: 53%
0.00305
Низкий
7.5 High
CVSS3
Дефекты
CWE-798
Связанные уязвимости
CVSS3: 7.5
github
больше 2 лет назад
An issue was discovered in libac_des3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of hard-coded cryptographic key, an attacker with access to backup or configuration files is able to decrypt encrypted values and retrieve sensitive information, e.g., the device root password.
EPSS
Процентиль: 53%
0.00305
Низкий
7.5 High
CVSS3
Дефекты
CWE-798