HIGH · 7.8

CVE-2023-22955

Vulnerability Description

An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of firmware images only consists of simple checksum checks for different firmware components. Thus, by knowing how to calculate and where to store the required checksums for the flasher tool, an attacker is able to store malicious firmware.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Audiocodes | 445Hd Firmware | <= 3.4.4.1000 |
| Audiocodes | 445Hd | - |
| Audiocodes | 405Hd Firmware | <= 3.4.4.1000 |
| Audiocodes | 405Hd | - |
| Audiocodes | C450Hd Firmware | <= 3.4.4.1000 |
| Audiocodes | C450Hd | - |

Related Weaknesses (CWE)

References

FAQ

What is CVE-2023-22955?

CVE-2023-22955 is a vulnerability with a CVSS score of 7.8 (HIGH). An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of firmware images only consists of simple checksum checks for different firmware components. Thus, by knowing...

How severe is CVE-2023-22955?

CVE-2023-22955 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2023-22955?

Check the references section above for vendor advisories and patch information. Affected products include: Audiocodes 445Hd Firmware, Audiocodes 445Hd, Audiocodes 405Hd Firmware, Audiocodes 405Hd, Audiocodes C450Hd Firmware.