CVE-2023-4464

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Dec 29, 2023
Updated: May 17, 2024
CWE ID 78

Summary

CVE-2023-4464 is a critical vulnerability that affects multiple Poly Technologies IP phones, including Trio 8300, Trio 8500, and VVX series. The issue lies in the Diagnostic Telnet Mode component, which can be exploited through unknown processing to inject OS commands. Attacks can be initiated remotely, and the exploit has been made public. The identifier VDB-249257 was assigned to this vulnerability, and upgrading the affected component is recommended to mitigate the risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share