CVE-2023-4463 : A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Tr

A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249256.

Published 2023-12-29 10:15:11

Updated 2024-05-17 02:31:36

Source VulDB

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2023-4463

Poly » Trio 8800 Firmware » Version: N/A
cpe:2.3:o:poly:trio_8800_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Poly » Trio 8800 » Version: N/A
Poly » Ccx 400 Firmware » Version: N/A
cpe:2.3:o:poly:ccx_400_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Poly » Ccx 400 » Version: N/A
Poly » Ccx 600 Firmware » Version: N/A
cpe:2.3:o:poly:ccx_600_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Poly » Ccx 600 » Version: N/A
Poly » Trio C60 Firmware » Version: N/A
cpe:2.3:o:poly:trio_c60_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Poly » Trio C60 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2023-4463

EPSS FAQ

0.42%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 60 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-4463

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	VulDB
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L	3.9	1.4	VulDB
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: Low
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST	2024-01-05
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2023-4463

CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

Assigned by: cna@vuldb.com (Primary)

References for CVE-2023-4463

https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices

Page not found · GitHub · GitHub

CVEs referencing this url
https://vuldb.com/?id.249256

CVE-2023-4463: Poly CCX 400/CCX 600/Trio 8800/Trio C60 HTTP Header denial of service (MZ-23-01)
Third Party Advisory
https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html

Lecture: Finding Vulnerabilities in Internet-Connected Devices | Friday | Schedule 37th Chaos Communication Congress
Not Applicable

CVEs referencing this url
https://modzero.com/en/advisories/mz-23-01-poly-voip-devices/

404 Page not found / modzero
Broken Link

CVEs referencing this url
https://vuldb.com/?ctiid.249256

Login required
Permissions Required
https://modzero.com/en/advisories/mz-23-01-poly-voip/

[MZ-23-01] Poly VoIP Devices / modzero

CVEs referencing this url
https://modzero.com/en/blog/multiple-vulnerabilities-in-poly-products/

Multiple Vulnerabilities in Poly VoIP Products / modzero
Exploit;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-4463

Products affected by CVE-2023-4463

Exploit prediction scoring system (EPSS) score for CVE-2023-4463

CVSS scores for CVE-2023-4463

CWE ids for CVE-2023-4463

References for CVE-2023-4463