CVE-2023-4462

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published Dec 29, 2023

Updated: May 17, 2024

CWE ID 330

Summary

CVE-2023-4462 is a newly disclosed vulnerability affecting numerous Poly IP phones, including the Trio series, CCX models, and several EDGE and VVX variants. The issue lies within the Web Configuration Application, where manipulation of insufficiently random values occurs. Attacks can be initiated remotely, though the complexity and exploitability are reportedly high. The exploit has been made public, increasing the potential risk for affected organizations. The associated identifier for this vulnerability is VDB-249255.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sNJMFF
https://www.cve.org/CVERecord?id=CVE-2023-4462
https://nvd.nist.gov/vuln/detail/CVE-2023-4462

Back to Vulnerability Database

CVE-2023-4462

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations