CVE-2018-18567

AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business.
References
Link Resource
http://www.securitytracker.com/id/1041956 Third Party Advisory VDB Entry
https://seclists.org/bugtraq/2018/Oct/32 Exploit Mailing List Third Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-026.txt Exploit Third Party Advisory
http://www.securitytracker.com/id/1041956 Third Party Advisory VDB Entry
https://seclists.org/bugtraq/2018/Oct/32 Exploit Mailing List Third Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-026.txt Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:audiocodes:440hd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:audiocodes:440hd:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:audiocodes:450hd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:audiocodes:450hd:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:56

Type Values Removed Values Added
References () http://www.securitytracker.com/id/1041956 - Third Party Advisory, VDB Entry () http://www.securitytracker.com/id/1041956 - Third Party Advisory, VDB Entry
References () https://seclists.org/bugtraq/2018/Oct/32 - Exploit, Mailing List, Third Party Advisory () https://seclists.org/bugtraq/2018/Oct/32 - Exploit, Mailing List, Third Party Advisory
References () https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-026.txt - Exploit, Third Party Advisory () https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-026.txt - Exploit, Third Party Advisory

Information

Published : 2018-10-24 22:29

Updated : 2024-11-21 03:56


NVD link : CVE-2018-18567

Mitre link : CVE-2018-18567

CVE.ORG link : CVE-2018-18567


JSON object : View

Products Affected

audiocodes

  • 450hd_firmware
  • 440hd
  • 440hd_firmware
  • 450hd
CWE
CWE-295

Improper Certificate Validation