CVE-2023-22955

An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of firmware images only consists of simple checksum checks for different firmware components. Thus, by knowing how to calculate and where to store the required checksums for the flasher tool, an attacker is able to store malicious firmware.

CVSS v3.0 7.8 HIGH

7.8^/10

CVSS v3.0 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://syss.de	Not Applicable
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-055.txt	Exploit Vendor Advisory
http://seclists.org/fulldisclosure/2023/Aug/17	Mailing List Third Party Advisory
http://packetstormsecurity.com/files/174214/AudioCodes-VoIP-Phones-Insufficient-Firmware-Validation.html	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:audiocodes:c470hd_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:audiocodes:c470hd:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:audiocodes:c455hd_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:audiocodes:c455hd:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:audiocodes:c435hd_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:audiocodes:c435hd:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:audiocodes:445hd_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:audiocodes:445hd:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:audiocodes:405hd_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:audiocodes:405hd:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:audiocodes:c450hd_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:audiocodes:c450hd:-:*:*:*:*:*:*:*

Information

Published : 2023-08-11 20:15

Updated : 2023-08-22 17:09

NVD link : CVE-2023-22955

Mitre link : CVE-2023-22955

JSON object : View

Products Affected

audiocodes

c470hd_firmware
c450hd
c435hd
445hd
c455hd
c470hd
445hd_firmware
c435hd_firmware
405hd
405hd_firmware
c455hd_firmware
c450hd_firmware

CWE

CWE-345

Insufficient Verification of Data Authenticity

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://syss.de", "name": "https://syss.de", "tags": ["Not Applicable"], "refsource": "MISC"}, {"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-055.txt", "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-055.txt", "tags": ["Exploit", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://seclists.org/fulldisclosure/2023/Aug/17", "name": "20230815 Missing Immutable Root of Trust in Hardware (CWE-1326) / CVE-2023-22955", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "FULLDISC"}, {"url": "http://packetstormsecurity.com/files/174214/AudioCodes-VoIP-Phones-Insufficient-Firmware-Validation.html", "name": "http://packetstormsecurity.com/files/174214/AudioCodes-VoIP-Phones-Insufficient-Firmware-Validation.html", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of firmware images only consists of simple checksum checks for different firmware components. Thus, by knowing how to calculate and where to store the required checksums for the flasher tool, an attacker is able to store malicious firmware."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-345"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-22955", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}}, "publishedDate": "2023-08-11T20:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:audiocodes:c470hd_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.4.4.1000"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:audiocodes:c470hd:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:audiocodes:c455hd_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.4.4.1000"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:audiocodes:c455hd:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:audiocodes:c435hd_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.4.4.1000"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:audiocodes:c435hd:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:audiocodes:445hd_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.4.4.1000"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:audiocodes:445hd:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:audiocodes:405hd_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.4.4.1000"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:audiocodes:405hd:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:audiocodes:c450hd_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.4.4.1000"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:audiocodes:c450hd:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-08-22T17:09Z"}