CVE-2023-22955

An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of firmware images only consists of simple checksum checks for different firmware components. Thus, by knowing how to calculate and where to store the required checksums for the flasher tool, an attacker is able to store malicious firmware.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://packetstormsecurity.com/files/174214/AudioCodes-VoIP-Phones-Insufficient-Firmware-Validation.html	Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2023/Aug/17	Mailing List Third Party Advisory
https://syss.de	Not Applicable
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-055.txt	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:h:audiocodes:c470hd:-:*:*:*:*:*:*:*

cpe:2.3:o:audiocodes:c470hd_firmware:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:h:audiocodes:c455hd:-:*:*:*:*:*:*:*

cpe:2.3:o:audiocodes:c455hd_firmware:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:h:audiocodes:c435hd:-:*:*:*:*:*:*:*

cpe:2.3:o:audiocodes:c435hd_firmware:*:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:h:audiocodes:445hd:-:*:*:*:*:*:*:*

cpe:2.3:o:audiocodes:445hd_firmware:*:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:h:audiocodes:405hd:-:*:*:*:*:*:*:*

cpe:2.3:o:audiocodes:405hd_firmware:*:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:h:audiocodes:c450hd:-:*:*:*:*:*:*:*

cpe:2.3:o:audiocodes:c450hd_firmware:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-08-11 20:15

Updated : 2023-08-22 17:09

NVD link : CVE-2023-22955

Mitre link : CVE-2023-22955

CVE.ORG link : CVE-2023-22955

JSON object : View

Products Affected

audiocodes

c470hd_firmware
c470hd
c435hd_firmware
c450hd_firmware
405hd_firmware
405hd
c435hd
c450hd
445hd_firmware
c455hd_firmware
c455hd
445hd

CWE

CWE-345

Insufficient Verification of Data Authenticity

{"id": "CVE-2023-22955", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-08-11T20:15:14.607", "references": [{"url": "http://packetstormsecurity.com/files/174214/AudioCodes-VoIP-Phones-Insufficient-Firmware-Validation.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2023/Aug/17", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://syss.de", "tags": ["Not Applicable"], "source": "cve@mitre.org"}, {"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-055.txt", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-345"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of firmware images only consists of simple checksum checks for different firmware components. Thus, by knowing how to calculate and where to store the required checksums for the flasher tool, an attacker is able to store malicious firmware."}], "lastModified": "2023-08-22T17:09:40.927", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:audiocodes:c470hd:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "775A2A42-B3C2-454E-9677-22512DA3A17E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:audiocodes:c470hd_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0AD6593B-6088-4EBB-899E-42142251874E", "versionEndIncluding": "3.4.4.1000"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:audiocodes:c455hd:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "58D3A875-ADA0-4126-AE7F-3A27F6ECC6B9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:audiocodes:c455hd_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B673481-C80C-4C76-968A-034303233827", "versionEndIncluding": "3.4.4.1000"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:audiocodes:c435hd:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "054FD690-9C40-4ADA-910A-1E18D7F5E7E4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:audiocodes:c435hd_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B52B0A3-52A7-4E10-B054-201A2E2D37CF", "versionEndIncluding": "3.4.4.1000"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:audiocodes:445hd:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CF916875-0CAB-4185-8466-887DF7B78A7D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:audiocodes:445hd_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5E811CB-FDDD-4E7A-94AD-AD0EBA5F521F", "versionEndIncluding": "3.4.4.1000"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:audiocodes:405hd:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "67577D7D-EFCD-4CC1-8492-39D36817BAC8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:audiocodes:405hd_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A71440BE-ABF8-4DED-B211-94C9812B51E3", "versionEndIncluding": "3.4.4.1000"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:audiocodes:c450hd:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "64EFD9E4-D694-43E2-88A5-8FB7431C5B98"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:audiocodes:c450hd_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B3A5439-56D9-4E8D-A52B-EDBFA72BD3CB", "versionEndIncluding": "3.4.4.1000"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}