CVE-2023-4464— Poly VVX 601 Diagnostic Telnet Mode os command injection
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-4464
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Poly VVX 601 Diagnostic Telnet Mode os command injection
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability, which was classified as critical, has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. This issue affects some unknown processing of the component Diagnostic Telnet Mode. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-249257 was assigned to this vulnerability.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Poly CCX和Trio 操作系统命令注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Poly Trio是美国Poly公司的一款Trio系列的商务会议电话。 Poly CCX和Trio存在操作系统命令注入漏洞,该漏洞源于Diagnostic Telnet Mode组件存在操作系统命令注入漏洞。受影响的产品和版本:Poly CCX 400版本,CCX 600版本,Trio 8800版本,Trio C60版本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Poly | Trio 8300 | n/a | - | |
| Poly | Trio 8500 | n/a | - | |
| Poly | Trio 8800 | n/a | - | |
| Poly | Trio C60 | n/a | - | |
| Poly | CCX 350 | n/a | - | |
| Poly | CCX 400 | n/a | - | |
| Poly | CCX 500 | n/a | - | |
| Poly | CCX 505 | n/a | - | |
| Poly | CCX 600 | n/a | - | |
| Poly | CCX 700 | n/a | - | |
| Poly | EDGE E100 | n/a | - | |
| Poly | EDGE E220 | n/a | - | |
| Poly | EDGE E300 | n/a | - | |
| Poly | EDGE E320 | n/a | - | |
| Poly | EDGE E350 | n/a | - | |
| Poly | EDGE E400 | n/a | - | |
| Poly | EDGE E450 | n/a | - | |
| Poly | EDGE E500 | n/a | - | |
| Poly | EDGE E550 | n/a | - | |
| Poly | VVX 101 | n/a | - | |
| Poly | VVX 150 | n/a | - | |
| Poly | VVX 201 | n/a | - | |
| Poly | VVX 250 | n/a | - | |
| Poly | VVX 300 | n/a | - | |
| Poly | VVX 301 | n/a | - | |
| Poly | VVX 310 | n/a | - | |
| Poly | VVX 311 | n/a | - | |
| Poly | VVX 350 | n/a | - | |
| Poly | VVX 400 | n/a | - | |
| Poly | VVX 401 | n/a | - | |
| Poly | VVX 410 | n/a | - | |
| Poly | VVX 411 | n/a | - | |
| Poly | VVX 450 | n/a | - | |
| Poly | VVX 500 | n/a | - | |
| Poly | VVX 501 | n/a | - | |
| Poly | VVX 600 | n/a | - | |
| Poly | VVX 601 | n/a | - |
II. Public POCs for CVE-2023-4464
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-4464
请登录查看更多情报信息。
Same Patch Batch · Poly · 2023-12-29 · 7 CVEs total
| CVE-2023-4467 | 6.2 MEDIUM | Poly Trio 8800 Test Automation Mode backdoor |
| CVE-2023-4463 | 5.3 MEDIUM | Poly CCX 400/CCX 600/Trio 8800/Trio C60 HTTP Header denial of service |
| CVE-2023-4468 | 4.3 MEDIUM | Poly Trio 8500/Trio 8800/Trio C60 Poly Lens Management Cloud Registration authorization |
| CVE-2023-4462 | 3.7 LOW | Poly VVX 601 Web Configuration Application random values |
| CVE-2023-4465 | 2.7 LOW | Poly VVX 601 Configuration File Import unverified password change |
| CVE-2023-4466 | 2.7 LOW | Poly CCX 400/CCX 600/Trio 8800/Trio C60 Web Interface protection mechanism |
IV. Related Vulnerabilities
Same vendor: Poly
- CVE-2024-6147
Poly Plantronics Hub Link Following Local Privilege Escalati - CVE-2023-4468
Poly Trio 8500/Trio 8800/Trio C60 Poly Lens Management Cloud - CVE-2023-4467
Poly Trio 8800 Test Automation Mode backdoor - CVE-2023-4466
Poly CCX 400/CCX 600/Trio 8800/Trio C60 Web Interface protec - CVE-2023-4465
Poly VVX 601 Configuration File Import unverified password c
Same weakness: CWE-78
V. Comments for CVE-2023-4464
No comments yet