CVE-2023-4465

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Dec 29, 2023

Updated: May 17, 2024

CWE ID 620

Summary

CVE-2023-4465 is a newly disclosed vulnerability affecting several Poly VoIP phone models, including Poly Trio 8300, Trio 8500, Trio 8800, and others. The issue lies within the Configuration File Import component, specifically an unknown function. An attacker can manipulate the argument device.auth.localAdminPassword, resulting in an unverified password change. This vulnerability can be exploited remotely, and the exploit has been made public, posing a significant risk. VDB-249258 is the identifier assigned to this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sasRwY
https://www.cve.org/CVERecord?id=CVE-2023-4465
https://nvd.nist.gov/vuln/detail/CVE-2023-4465

Back to Vulnerability Database

CVE-2023-4465

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations