CVE-2023-22955

HIGH

Audiocodes 445hd Firmware < 3.4.4.1000 - Data Authenticity Bypass

Title source: rule

Description

An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of firmware images only consists of simple checksum checks for different firmware components. Thus, by knowing how to calculate and where to store the required checksums for the flasher tool, an attacker is able to store malicious firmware.

References (4)

[Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/174214/AudioCodes-VoIP-Phones-Insufficient-Firmware-Validation.html

[Not Applicable] https://syss.de

[Exploit, Vendor Advisory] https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-055.txt

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2023/Aug/17

Scores

CVSS v3 7.8

EPSS 0.0007

EPSS Percentile 20.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-345

Status published

Products (3)

audiocodes/405hd_firmware < 3.4.4.1000

audiocodes/445hd_firmware < 3.4.4.1000

audiocodes/c450hd_firmware < 3.4.4.1000

Published Aug 11, 2023

Tracked Since Feb 18, 2026