A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249256.
References
Link | Resource |
---|---|
https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html | Not Applicable |
https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices | |
https://modzero.com/en/advisories/mz-23-01-poly-voip/ | |
https://vuldb.com/?ctiid.249256 | Permissions Required |
https://vuldb.com/?id.249256 | Third Party Advisory |
https://modzero.com/en/blog/multiple-vulnerabilities-in-poly-products/ | Exploit Third Party Advisory |
https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html | Not Applicable |
https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices | |
https://modzero.com/en/advisories/mz-23-01-poly-voip/ | |
https://vuldb.com/?ctiid.249256 | Permissions Required |
https://vuldb.com/?id.249256 | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
History
21 Nov 2024, 08:35
Type | Values Removed | Values Added |
---|---|---|
References | () https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html - Not Applicable | |
References | () https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices - | |
References | () https://modzero.com/en/advisories/mz-23-01-poly-voip/ - | |
References | () https://vuldb.com/?ctiid.249256 - Permissions Required | |
References | () https://vuldb.com/?id.249256 - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
05 Jan 2024, 22:23
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | () https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html - Not Applicable | |
References | () https://vuldb.com/?ctiid.249256 - Permissions Required | |
References | () https://vuldb.com/?id.249256 - Third Party Advisory | |
References | () https://modzero.com/en/advisories/mz-23-01-poly-voip-devices/ - Broken Link | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CPE | cpe:2.3:o:poly:trio_8800_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:poly:ccx_600_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:poly:trio_c60_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:poly:ccx_600:-:*:*:*:*:*:*:* cpe:2.3:h:poly:trio_8800:-:*:*:*:*:*:*:* cpe:2.3:h:poly:ccx_400:-:*:*:*:*:*:*:* cpe:2.3:h:poly:trio_c60:-:*:*:*:*:*:*:* cpe:2.3:o:poly:ccx_400_firmware:-:*:*:*:*:*:*:* |
29 Dec 2023, 13:56
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-29 10:15
Updated : 2024-11-21 08:35
NVD link : CVE-2023-4463
Mitre link : CVE-2023-4463
CVE.ORG link : CVE-2023-4463
JSON object : View
Products Affected
poly
- trio_c60
- trio_c60_firmware
- ccx_600_firmware
- ccx_600
- trio_8800
- ccx_400_firmware
- trio_8800_firmware
- ccx_400
CWE
CWE-404
Improper Resource Shutdown or Release