MEDIUM · 6.6

CVE-2023-30024

Vulnerability Description

The MagicJack device, a VoIP solution for internet phone calls, contains a hidden NAND flash memory partition allowing unauthorized read/write access. Attackers can exploit this by replacing the original software with a malicious version, leading to ransomware deployment on the host computer. Affected devices have firmware versions prior to magicJack A921 USB Phone Jack Rev 3.0 V1.4.

CVSS Score

6.6

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector: PHYSICAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor | Product | Versions
Magicjack | A921 Firmware | 1.4
Magicjack | A921 | 3.0

Related Weaknesses (CWE)

References

FAQ

What is CVE-2023-30024?

CVE-2023-30024 is a vulnerability with a CVSS score of 6.6 (MEDIUM). The MagicJack device, a VoIP solution for internet phone calls, contains a hidden NAND flash memory partition allowing unauthorized read/write access.

How severe is CVE-2023-30024?

CVE-2023-30024 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2023-30024?

Check the references section above for vendor advisories and patch information. Affected products include: Magicjack A921 Firmware, Magicjack A921.