CVE-2025-34333

Опубликовано: 19 нояб. 2025

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 configure the web document root at C:\F2MAdmin\F2E with overly permissive file system permissions. Authenticated local users have modify rights on this directory, while the associated web server process runs as NT AUTHORITY\SYSTEM. As a result, any local user can create or alter server-side scripts within the webroot and then trigger them via HTTP requests, causing arbitrary code to execute with SYSTEM privileges.

Ссылки

https://pierrekim.github.io/advisories/2025-audiocodes-fax-ivr.txt
Exploit
Third Party Advisory
https://pierrekim.github.io/blog/2025-11-20-audiocodes-fax-ivr-8-vulnerabilities.html
Exploit
Third Party Advisory
https://www.audiocodes.com/media/g1in2u2o/0548-product-notice-end-of-service-for-audiocodes-auto-attendant-ivr-solution.pdf
Product
https://www.vulncheck.com/advisories/audiocodes-fax-ivr-appliance-world-writable-webroot-lpe
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:audiocodes:fax_server:*:*:*:*:*:*:*:*

Версия до 2.6.23 (включая)

cpe:2.3:a:audiocodes:interactive_voice_response:*:*:*:*:*:*:*:*

Версия до 2.6.23 (включая)

EPSS

Процентиль: 8%

0.0003

Низкий

7.8 High

CVSS3

Дефекты

CWE-276

Связанные уязвимости

GHSA-g2p2-cfv2-vc48

CVSS3: 7.8

github

3 месяца назад

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 configure the web document root at C:\\F2MAdmin\\F2E with overly permissive file system permissions. Authenticated local users have modify rights on this directory, while the associated web server process runs as NT AUTHORITY\\SYSTEM. As a result, any local user can create or alter server-side scripts within the webroot and then trigger them via HTTP requests, causing arbitrary code to execute with SYSTEM privileges.

EPSS

Процентиль: 8%

0.0003

Низкий

7.8 High

CVSS3

Дефекты

CWE-276