mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-31 18:51:16 +00:00
96 lines
3.3 KiB
JSON
96 lines
3.3 KiB
JSON
{
|
|
"id": "CVE-2023-4465",
|
|
"sourceIdentifier": "cna@vuldb.com",
|
|
"published": "2023-12-29T10:15:12.133",
|
|
"lastModified": "2023-12-29T13:56:27.537",
|
|
"vulnStatus": "Awaiting Analysis",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "A vulnerability, which was classified as problematic, was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. Affected is an unknown function of the component Configuration File Import. The manipulation of the argument device.auth.localAdminPassword leads to unverified password change. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249258 is the identifier assigned to this vulnerability."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Una vulnerabilidad clasificada como problem\u00e1tica fue encontrada en Poly CCX 400, CCX 600, Trio 8800 y Trio C60. Una funci\u00f3n desconocida del componente Configuration File Import es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento device.auth.localAdminPassword conduce a un cambio de contrase\u00f1a no verificado. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-249258 es el identificador asignado a esta vulnerabilidad."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "cna@vuldb.com",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "HIGH",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "LOW",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 2.7,
|
|
"baseSeverity": "LOW"
|
|
},
|
|
"exploitabilityScore": 1.2,
|
|
"impactScore": 1.4
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "cna@vuldb.com",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "MULTIPLE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 3.3
|
|
},
|
|
"baseSeverity": "LOW",
|
|
"exploitabilityScore": 6.4,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "cna@vuldb.com",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-620"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html",
|
|
"source": "cna@vuldb.com"
|
|
},
|
|
{
|
|
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip-devices/",
|
|
"source": "cna@vuldb.com"
|
|
},
|
|
{
|
|
"url": "https://vuldb.com/?ctiid.249258",
|
|
"source": "cna@vuldb.com"
|
|
},
|
|
{
|
|
"url": "https://vuldb.com/?id.249258",
|
|
"source": "cna@vuldb.com"
|
|
}
|
|
]
|
|
} |