CVE-2023-4467
MEDIUM
6,2
Source: [email protected]
Attack Vector: physical
Attack Complexity: low
Privileges Required: high
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
MEDIUM
6,5
Source: [email protected]
Access Vector: local
Access Complexity: low
Authentication: multiple
Confidentiality: complete
Integrity: complete
Availability: complete
Description
AI Translation Available
A vulnerability was found in Poly Trio 8800 7.2.6.0019 and classified as critical. Affected by this issue is some unknown functionality of the component Test Automation Mode. The manipulation leads to backdoor. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249260.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0004
Percentile
0,1th
Updated
EPSS Score Trend (Last 90 Days)
912
Hidden Functionality
IncompleteCommon Consequences
Security Scopes Affected:
Other
Integrity
Potential Impacts:
Varies By Context
Alter Execution Logic
Applicable Platforms
Technologies:
Not Technology-Specific, ICS/OT
Operating System
Trio 8800 Firmware by Poly
CPE Identifier
View Detailed Analysis
cpe:2.3:o:poly:trio_8800_firmware:7.2.6.0019:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html
https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices
https://modzero.com/en/advisories/mz-23-01-poly-voip/
https://vuldb.com/?ctiid.249260
https://vuldb.com/?id.249260
https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html
https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices
https://modzero.com/en/advisories/mz-23-01-poly-voip/
https://vuldb.com/?ctiid.249260
https://vuldb.com/?id.249260