1. Home
  2. CVE Database
  3. CVE-2023-22956
HIGH · 7.5

CVE-2023-22956

An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve s...

Vulnerability Description

An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve sensitive information.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
AudiocodesC470Hd Firmware<= 3.4.4.1000
AudiocodesC470Hd-
AudiocodesC455Hd Firmware<= 3.4.4.1000
AudiocodesC455Hd-
AudiocodesC435Hd Firmware<= 3.4.4.1000
AudiocodesC435Hd-
Audiocodes445Hd Firmware<= 3.4.4.1000
Audiocodes445Hd-
Audiocodes405Hd Firmware<= 3.4.4.1000
Audiocodes405Hd-
AudiocodesC450Hd Firmware<= 3.4.4.1000
AudiocodesC450Hd-

Related Weaknesses (CWE)

CWE-798

References

FAQ

What is CVE-2023-22956?

CVE-2023-22956 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve s...

How severe is CVE-2023-22956?

CVE-2023-22956 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-22956?

Check the references section above for vendor advisories and patch information. Affected products include: Audiocodes C470Hd Firmware, Audiocodes C470Hd, Audiocodes C455Hd Firmware, Audiocodes C455Hd, Audiocodes C435Hd Firmware.