CVE-2022-24627
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2022-24627 is a newly disclosed vulnerability affecting AudioCodes Device Manager Express versions up to 7.8.20002.47752. This issue is significant as it allows unauthenticated attackers to inject SQL queries into the p parameter of the process_login.php login form. By exploiting this SQL injection vulnerability, attackers can potentially gain unauthorized access to sensitive information or even take control of the affected system. This can lead to serious consequences, including data theft, unauthorized system modifications, and potential system downtime. It is strongly recommended that affected organizations apply the necessary patches or updates as soon as possible to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Vendors
- AudioCodes