QwikSec

Security Database

CVE

CWE

Training

CVE-2023-4463

Published: Dec 29, 2023

Modified: Aug 2, 2024

PUBLISHED

CVSS v3.1

5.3

MEDIUM

Description

A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249256.

Vendor	Product	Versions
Poly	CCX 400	affected `n/a`
Poly	CCX 600	affected `n/a`
Poly	Trio 8800	affected `n/a`
Poly	Trio C60	affected `n/a`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

References

https://vuldb.com/?id.249256

vdb-entry

technical-description

https://vuldb.com/?ctiid.249256

signature

permissions-required

https://modzero.com/en/advisories/mz-23-01-poly-voip/

related

https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices

exploit

https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html

related

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.