CVE-2023-4465— Poly VVX 601 Configuration File Import unverified password change
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-4465
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Poly VVX 601 Configuration File Import unverified password change
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability, which was classified as problematic, was found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. Affected is an unknown function of the component Configuration File Import. The manipulation of the argument device.auth.localAdminPassword leads to unverified password change. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249258 is the identifier assigned to this vulnerability.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
未经验证的口令修改
Source: NVD (National Vulnerability Database)
Vulnerability Title
Poly CCX和Trio 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Poly Trio是美国Poly公司的一款Trio系列的商务会议电话。 Poly CCX和Trio存在安全漏洞,该漏洞源于Configuration File Import组件的参数device.auth.localAdminPassword存在密码修改漏洞。受影响的产品和版本:Poly CCX 400版本,CCX 600版本,Trio 8800版本,Trio C60版本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Poly | Trio 8300 | n/a | - | |
| Poly | Trio 8500 | n/a | - | |
| Poly | Trio 8800 | n/a | - | |
| Poly | Trio C60 | n/a | - | |
| Poly | CCX 350 | n/a | - | |
| Poly | CCX 400 | n/a | - | |
| Poly | CCX 500 | n/a | - | |
| Poly | CCX 505 | n/a | - | |
| Poly | CCX 600 | n/a | - | |
| Poly | CCX 700 | n/a | - | |
| Poly | EDGE E100 | n/a | - | |
| Poly | EDGE E220 | n/a | - | |
| Poly | EDGE E300 | n/a | - | |
| Poly | EDGE E320 | n/a | - | |
| Poly | EDGE E350 | n/a | - | |
| Poly | EDGE E400 | n/a | - | |
| Poly | EDGE E450 | n/a | - | |
| Poly | EDGE E500 | n/a | - | |
| Poly | EDGE E550 | n/a | - | |
| Poly | VVX 101 | n/a | - | |
| Poly | VVX 150 | n/a | - | |
| Poly | VVX 201 | n/a | - | |
| Poly | VVX 250 | n/a | - | |
| Poly | VVX 300 | n/a | - | |
| Poly | VVX 301 | n/a | - | |
| Poly | VVX 310 | n/a | - | |
| Poly | VVX 311 | n/a | - | |
| Poly | VVX 350 | n/a | - | |
| Poly | VVX 400 | n/a | - | |
| Poly | VVX 401 | n/a | - | |
| Poly | VVX 410 | n/a | - | |
| Poly | VVX 411 | n/a | - | |
| Poly | VVX 450 | n/a | - | |
| Poly | VVX 500 | n/a | - | |
| Poly | VVX 501 | n/a | - | |
| Poly | VVX 600 | n/a | - | |
| Poly | VVX 601 | n/a | - |
II. Public POCs for CVE-2023-4465
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-4465
请登录查看更多情报信息。
Same Patch Batch · Poly · 2023-12-29 · 7 CVEs total
| CVE-2023-4464 | 7.2 HIGH | Poly VVX 601 Diagnostic Telnet Mode os command injection |
| CVE-2023-4467 | 6.2 MEDIUM | Poly Trio 8800 Test Automation Mode backdoor |
| CVE-2023-4463 | 5.3 MEDIUM | Poly CCX 400/CCX 600/Trio 8800/Trio C60 HTTP Header denial of service |
| CVE-2023-4468 | 4.3 MEDIUM | Poly Trio 8500/Trio 8800/Trio C60 Poly Lens Management Cloud Registration authorization |
| CVE-2023-4462 | 3.7 LOW | Poly VVX 601 Web Configuration Application random values |
| CVE-2023-4466 | 2.7 LOW | Poly CCX 400/CCX 600/Trio 8800/Trio C60 Web Interface protection mechanism |
IV. Related Vulnerabilities
Same vendor: Poly
- CVE-2024-6147
Poly Plantronics Hub Link Following Local Privilege Escalati - CVE-2023-4468
Poly Trio 8500/Trio 8800/Trio C60 Poly Lens Management Cloud - CVE-2023-4467
Poly Trio 8800 Test Automation Mode backdoor - CVE-2023-4466
Poly CCX 400/CCX 600/Trio 8800/Trio C60 Web Interface protec - CVE-2023-4464
Poly VVX 601 Diagnostic Telnet Mode os command injection
Same weakness: CWE-620
- CVE-2026-42084
OpenC3 COSMOS: Hijacked session token can be used to reset p - CVE-2026-40588
blueprintUE: Authenticated Password Change Does Not Verify C - CVE-2019-25653
Navicat for Oracle 12.1.15 Password Field Denial of Service - CVE-2026-27757
SODOLA SL902-SWTGW124AS <= 200.1.20 Unverified Password Chan - CVE-2026-24443
EventSentry < 6.0.1.20 Web Reports Unverified Password Chang
V. Comments for CVE-2023-4465
No comments yet