Description
An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve sensitive information.
Related CPE's
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
References
http://packetstormsecurity.com/files/174216/AudioCodes-VoIP-Phones-Hardcoded-Key.html
ExploitThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2023/Aug/16
Mailing ListThird Party Advisory
Not Applicable
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-054.txt
ExploitVendor Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 · High
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2023-08-11T20:15:14.703
1 year agoLast modified
2023-08-22T17:09:33.733
1 year ago