CVE-2023-4463
Severity CVSS v4.0:
Pending analysis
Type:
CWE-404
Improper Resource Shutdown or Release
Publication date:
29/12/2023
Last modified:
17/05/2024
Description
A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249256.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:poly:ccx_400_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:poly:ccx_400:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:poly:ccx_600_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:poly:ccx_600:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:poly:trio_8800_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:poly:trio_8800:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:poly:trio_c60_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:poly:trio_c60:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html
- https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices
- https://modzero.com/en/advisories/mz-23-01-poly-voip/
- https://modzero.com/en/blog/multiple-vulnerabilities-in-poly-products/
- https://vuldb.com/?ctiid_249256=
- https://vuldb.com/?id_249256=