Vulnerability Description
A vulnerability has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation leads to protection mechanism failure. The attack can be launched remotely. The vendor explains that they do not regard this as a vulnerability as this is a feature that they offer to their customers who have a variety of environmental needs that are met through different firmware builds. To avoid potential roll-back attacks, they remove vulnerable builds from the public servers as a remediation effort. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249259.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Poly | Ccx 400 Firmware | - |
| Poly | Ccx 400 | - |
| Poly | Ccx 600 Firmware | - |
| Poly | Ccx 600 | - |
| Poly | Trio 8800 Firmware | - |
| Poly | Trio 8800 | - |
| Poly | Trio C60 Firmware | - |
| Poly | Trio C60 | - |
Related Weaknesses (CWE)
References
- https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.htmlNot Applicable
- https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices
- https://modzero.com/en/advisories/mz-23-01-poly-voip/
- https://vuldb.com/?ctiid.249259Permissions RequiredThird Party AdvisoryVDB Entry
- https://vuldb.com/?id.249259Third Party AdvisoryVDB Entry
- https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.htmlNot Applicable
- https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices
- https://modzero.com/en/advisories/mz-23-01-poly-voip/
- https://vuldb.com/?ctiid.249259Permissions RequiredThird Party AdvisoryVDB Entry
- https://vuldb.com/?id.249259Third Party AdvisoryVDB Entry
FAQ
What is CVE-2023-4466?
CVE-2023-4466 is a vulnerability with a CVSS score of 2.7 (LOW). A vulnerability has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface...
How severe is CVE-2023-4466?
CVE-2023-4466 has been rated LOW with a CVSS base score of 2.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-4466?
Check the references section above for vendor advisories and patch information. Affected products include: Poly Ccx 400 Firmware, Poly Ccx 400, Poly Ccx 600 Firmware, Poly Ccx 600, Poly Trio 8800 Firmware.