An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of BrowseFiles.php. An attacker can upload a .php file to WebAdmin/admin/AudioCodes_files/ajax/.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2023/Feb/12 | Exploit Mailing List Third Party Advisory |
http://seclists.org/fulldisclosure/2023/Feb/12 | Exploit Mailing List Third Party Advisory |
Configurations
History
21 Nov 2024, 06:50
Type | Values Removed | Values Added |
---|---|---|
References | () http://seclists.org/fulldisclosure/2023/Feb/12 - Exploit, Mailing List, Third Party Advisory |
02 Jun 2023, 03:05
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-22 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:a:audiocodes:device_manager_express:*:*:*:*:*:*:*:* | |
References | (MISC) http://seclists.org/fulldisclosure/2023/Feb/12 - Exploit, Mailing List, Third Party Advisory |
29 May 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-29 21:15
Updated : 2024-11-21 06:50
NVD link : CVE-2022-24629
Mitre link : CVE-2022-24629
CVE.ORG link : CVE-2022-24629
JSON object : View
Products Affected
audiocodes
- device_manager_express
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')