Vulnerability Details : CVE-2023-4466
A vulnerability has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation leads to protection mechanism failure. The attack can be launched remotely. The vendor explains that they do not regard this as a vulnerability as this is a feature that they offer to their customers who have a variety of environmental needs that are met through different firmware builds. To avoid potential roll-back attacks, they remove vulnerable builds from the public servers as a remediation effort. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249259.
Products affected by CVE-2023-4466
- cpe:2.3:o:poly:trio_8800_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:poly:ccx_400_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:poly:ccx_600_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:poly:trio_c60_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-4466
0.40%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 73 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-4466
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.3
|
LOW | AV:N/AC:L/Au:M/C:N/I:P/A:N |
6.4
|
2.9
|
VulDB | |
2.7
|
LOW | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N |
1.2
|
1.4
|
VulDB | |
4.9
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N |
1.2
|
3.6
|
NIST | 2024-01-05 |
CWE ids for CVE-2023-4466
-
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.Assigned by: cna@vuldb.com (Primary)
References for CVE-2023-4466
-
https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices
Page not found · GitHub · GitHub
-
https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html
Lecture: Finding Vulnerabilities in Internet-Connected Devices | Friday | Schedule 37th Chaos Communication CongressNot Applicable
-
https://modzero.com/en/advisories/mz-23-01-poly-voip-devices/
404 Page not found / modzeroBroken Link
-
https://modzero.com/en/advisories/mz-23-01-poly-voip/
[MZ-23-01] Poly VoIP Devices / modzero
-
https://vuldb.com/?ctiid.249259
Login requiredPermissions Required;Third Party Advisory;VDB Entry
-
https://vuldb.com/?id.249259
CVE-2023-4466: Poly CCX 400/CCX 600/Trio 8800/Trio C60 Web Interface protection mechanism (MZ-23-01)Third Party Advisory;VDB Entry
Jump to