How severe is CVE-2023-4466?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.9 out of 10.

What type of vulnerability is CVE-2023-4466?

This is classified as CWE-693, which is a common weakness in software security.

CVE-2023-4466 - MEDIUM Severity | CVSS 4.9

Vulnerability Description

A vulnerability has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation leads to protection mechanism failure. The attack can be launched remotely. The vendor explains that they do not regard this as a vulnerability as this is a feature that they offer to their customers who have a variety of environmental needs that are met through different firmware builds. To avoid potential roll-back attacks, they remove vulnerable builds from the public servers as a remediation effort. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249259.

Related Vulnerabilities

CVE-2021-36310

MEDIUM

CVSS:4.9(Medium)

Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x & 10.5.2.x, contain an uncontrolled resource consumption flaw in its API service. A high-privileged API user may potentially exploit this vu...

CWE-6932021

CVE-2022-32537

MEDIUM

CVSS:4.8(Medium)

A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components....

CWE-6932022

CVE-2023-4039

MEDIUM

CVSS:4.8(Medium)

**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in you...

CWE-6932023

CVE-2024-21423

MEDIUM

CVSS:4.8(Medium)

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CWE-6932024

CVE-2018-15423

MEDIUM

CVSS:4.7(Medium)

A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to ins...

CWE-6932018

CVE-2021-1616

MEDIUM

CVSS:4.7(Medium)

A vulnerability in the H.323 application level gateway (ALG) used by the Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass th...

CWE-6932021