Vulnerability CVE-2018-16219


Published: 2019-04-25   Modified: 2019-04-26

Description:
A missing password verification in the web interface in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an remote attacker (in the same network as the device) to change the admin password without authentication via a POST request.

Type:

CWE-287

(Improper Authentication)

CVSS2 => (AV:A/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.3/10
2.9/10
6.5/10
Exploit range
Attack complexity
Authentication
Adjacent network
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Audiocodes -> 405hd firmware 

 References:
https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_AudioCodes_405HD.pdf

Copyright 2023, cxsecurity.com

 

Back to Top