CVE-2023-22955

HIGH Year: 2023
CVSS v3 Score
7.8
High
Weakness Type
CWE-345
View all →

Vulnerability Description

An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of firmware images only consists of simple checksum checks for different firmware components. Thus, by knowing how to calculate and where to store the required checksums for the flasher tool, an attacker is able to store malicious firmware.

Related Vulnerabilities

CVE-2017-0563

HIGH
CVSS:7.8(High)

An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Crit...

CWE-3452017

CVE-2019-0805

HIGH
CVSS:7.8(High)

An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE...

CWE-3452019

CVE-2019-10492

HIGH
CVSS:7.8(High)

Boot image not getting verified by AVB in Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD...

CWE-3452019

CVE-2019-18829

HIGH
CVSS:7.8(High)

Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Missing Support for Integrity Check. The Barco signed 'Clickshare_For_Windows.exe' binary on the ClickShare Button (R9861500D01) loads...

CWE-3452019

CVE-2020-14111

HIGH
CVSS:7.8(High)

A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execu...

CWE-3452020

CVE-2020-26893

HIGH
CVSS:7.8(High)

An issue was discovered in ClamXAV 3 before 3.1.1. A malicious actor could use a properly signed copy of ClamXAV 2 (running with an injected malicious dylib) to communicate with ClamXAV 3's helper too...

CWE-3452020