CVE-2023-4467

A vulnerability was found in Poly Trio 8800 7.2.6.0019 and classified as critical. Affected by this issue is some unknown functionality of the component Test Automation Mode. The manipulation leads to backdoor. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249260.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:poly:trio_8800_firmware:7.2.6.0019:*:*:*:*:*:*:*
cpe:2.3:h:poly:trio_8800:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:35

Type Values Removed Values Added
CVSS v2 : 6.5
v3 : 6.6
v2 : 6.5
v3 : 6.2
References () https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html - Not Applicable () https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html - Not Applicable
References () https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices - () https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices -
References () https://modzero.com/en/advisories/mz-23-01-poly-voip/ - () https://modzero.com/en/advisories/mz-23-01-poly-voip/ -
References () https://vuldb.com/?ctiid.249260 - Permissions Required, Third Party Advisory, VDB Entry () https://vuldb.com/?ctiid.249260 - Permissions Required, Third Party Advisory, VDB Entry
References () https://vuldb.com/?id.249260 - Third Party Advisory, VDB Entry () https://vuldb.com/?id.249260 - Third Party Advisory, VDB Entry

09 Jan 2024, 17:15

Type Values Removed Values Added
References
  • {'url': 'https://modzero.com/en/advisories/mz-23-01-poly-voip-devices/', 'name': 'https://modzero.com/en/advisories/mz-23-01-poly-voip-devices/', 'tags': ['Broken Link'], 'refsource': ''}
  • () https://modzero.com/en/advisories/mz-23-01-poly-voip/ -
  • () https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices -

05 Jan 2024, 17:34

Type Values Removed Values Added
References () https://vuldb.com/?id.249260 - () https://vuldb.com/?id.249260 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?ctiid.249260 - () https://vuldb.com/?ctiid.249260 - Permissions Required, Third Party Advisory, VDB Entry
References () https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html - () https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html - Not Applicable
References () https://modzero.com/en/advisories/mz-23-01-poly-voip-devices/ - () https://modzero.com/en/advisories/mz-23-01-poly-voip-devices/ - Broken Link
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.6
CPE cpe:2.3:o:poly:trio_8800_firmware:7.2.6.0019:*:*:*:*:*:*:*
cpe:2.3:h:poly:trio_8800:-:*:*:*:*:*:*:*
First Time Poly trio 8800
Poly trio 8800 Firmware
Poly

29 Dec 2023, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-29 10:15

Updated : 2024-11-21 08:35


NVD link : CVE-2023-4467

Mitre link : CVE-2023-4467

CVE.ORG link : CVE-2023-4467


JSON object : View

Products Affected

poly

  • trio_8800
  • trio_8800_firmware
CWE
CWE-912

Hidden Functionality