CVE-2023-22956

Severity CVSS v4.0:
Pending analysis
Type:
CWE-798 Use of Hard-coded Credentials
Publication date:
11/08/2023
Last modified:
22/08/2023

Description

An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve sensitive information.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:audiocodes:c470hd_firmware:*:*:*:*:*:*:*:* 3.4.4.1000 (including)
cpe:2.3:h:audiocodes:c470hd:-:*:*:*:*:*:*:*
cpe:2.3:o:audiocodes:c455hd_firmware:*:*:*:*:*:*:*:* 3.4.4.1000 (including)
cpe:2.3:h:audiocodes:c455hd:-:*:*:*:*:*:*:*
cpe:2.3:o:audiocodes:c435hd_firmware:*:*:*:*:*:*:*:* 3.4.4.1000 (including)
cpe:2.3:h:audiocodes:c435hd:-:*:*:*:*:*:*:*
cpe:2.3:o:audiocodes:445hd_firmware:*:*:*:*:*:*:*:* 3.4.4.1000 (including)
cpe:2.3:h:audiocodes:445hd:-:*:*:*:*:*:*:*
cpe:2.3:o:audiocodes:405hd_firmware:*:*:*:*:*:*:*:* 3.4.4.1000 (including)
cpe:2.3:h:audiocodes:405hd:-:*:*:*:*:*:*:*
cpe:2.3:o:audiocodes:c450hd_firmware:*:*:*:*:*:*:*:* 3.4.4.1000 (including)
cpe:2.3:h:audiocodes:c450hd:-:*:*:*:*:*:*:*