Description

An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of firmware images only consists of simple checksum checks for different firmware components. Thus, by knowing how to calculate and where to store the required checksums for the flasher tool, an attacker is able to store malicious firmware.

Related CPE's

o

audiocodes

445hd_firmware

Vulnerable

h

audiocodes

445hd

-

o

audiocodes

405hd_firmware

Vulnerable

h

audiocodes

405hd

-

o

audiocodes

c450hd_firmware

Vulnerable

h

audiocodes

c450hd

-

References

http://packetstormsecurity.com/files/174214/AudioCodes-VoIP-Phones-Insufficient-Firmware-Validation.html

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2023/Aug/17

Mailing ListThird Party Advisory

https://syss.de

Not Applicable

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-055.txt

ExploitVendor Advisory

http://packetstormsecurity.com/files/174214/AudioCodes-VoIP-Phones-Insufficient-Firmware-Validation.html

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2023/Aug/17

Mailing ListThird Party Advisory

https://syss.de

Not Applicable

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-055.txt

ExploitVendor Advisory

Weaknesses

[email protected]

Primary
CWE-345

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 · High

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-08-11T18:15:14.607Z

2 years ago

Last modified

2025-04-17T11:04:52.510Z

8 months ago