Vulnerability CVE-2023-22955
Published: 2023-08-11

Description:
An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of firmware images only consists of simple checksum checks for different firmware components. Thus, by knowing how to calculate and where to store the required checksums for the flasher tool, an attacker is able to store malicious firmware.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
AudioCodes VoIP Phones Insufficient Firmware Validation
Matthias Deeg
17.08.2023

Type:

CWE-1326

 References:
https://syss.de
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-055.txt
Copyright 2024, cxsecurity.com

 

Back to Top