CVE-2023-4467

A vulnerability was found in Poly Trio 8800 7.2.6.0019 and classified as critical. Affected by this issue is some unknown functionality of the component Test Automation Mode. The manipulation leads to backdoor. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249260.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:poly:trio_8800_firmware:7.2.6.0019:*:*:*:*:*:*:*
cpe:2.3:h:poly:trio_8800:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:35

Type Values Removed Values Added
References () https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html - Not Applicable () https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html - Not Applicable
References () https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices - () https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices -
References () https://modzero.com/en/advisories/mz-23-01-poly-voip/ - () https://modzero.com/en/advisories/mz-23-01-poly-voip/ -
References () https://vuldb.com/?ctiid.249260 - Permissions Required, Third Party Advisory, VDB Entry () https://vuldb.com/?ctiid.249260 - Permissions Required, Third Party Advisory, VDB Entry
References () https://vuldb.com/?id.249260 - Third Party Advisory, VDB Entry () https://vuldb.com/?id.249260 - Third Party Advisory, VDB Entry
CVSS v2 : 6.5
v3 : 6.6
v2 : 6.5
v3 : 6.2

09 Jan 2024, 17:15

Type Values Removed Values Added
References
  • {'url': 'https://modzero.com/en/advisories/mz-23-01-poly-voip-devices/', 'tags': ['Broken Link'], 'source': 'cna@vuldb.com'}
  • () https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices -
  • () https://modzero.com/en/advisories/mz-23-01-poly-voip/ -

05 Jan 2024, 17:34

Type Values Removed Values Added
CPE cpe:2.3:o:poly:trio_8800_firmware:7.2.6.0019:*:*:*:*:*:*:*
cpe:2.3:h:poly:trio_8800:-:*:*:*:*:*:*:*
CVSS v2 : 6.5
v3 : 6.2
v2 : 6.5
v3 : 6.6
First Time Poly
Poly trio 8800 Firmware
Poly trio 8800
References () https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html - () https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html - Not Applicable
References () https://modzero.com/en/advisories/mz-23-01-poly-voip-devices/ - () https://modzero.com/en/advisories/mz-23-01-poly-voip-devices/ - Broken Link
References () https://vuldb.com/?ctiid.249260 - () https://vuldb.com/?ctiid.249260 - Permissions Required, Third Party Advisory, VDB Entry
References () https://vuldb.com/?id.249260 - () https://vuldb.com/?id.249260 - Third Party Advisory, VDB Entry

29 Dec 2023, 13:56

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad fue encontrada en Poly Trio 8800 7.2.6.0019 y clasificada como crítica. Una función desconocida del componente Test Automation Mode es afectada por este problema. La manipulación conduce a una puerta trasera. Es posible lanzar el ataque al dispositivo físico. La explotación ha sido divulgada al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-249260.

29 Dec 2023, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-29 10:15

Updated : 2024-11-21 08:35


NVD link : CVE-2023-4467

Mitre link : CVE-2023-4467

CVE.ORG link : CVE-2023-4467


JSON object : View

Products Affected

poly

  • trio_8800_firmware
  • trio_8800
CWE
CWE-912

Hidden Functionality