CVE-2023-4466— Poly CCX 400/CCX 600/Trio 8800/Trio C60 Web Interface protection mechanism
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-4466
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Poly CCX 400/CCX 600/Trio 8800/Trio C60 Web Interface protection mechanism
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation leads to protection mechanism failure. The attack can be launched remotely. The vendor explains that they do not regard this as a vulnerability as this is a feature that they offer to their customers who have a variety of environmental needs that are met through different firmware builds. To avoid potential roll-back attacks, they remove vulnerable builds from the public servers as a remediation effort. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249259.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
保护机制失效
Source: NVD (National Vulnerability Database)
Vulnerability Title
Poly Trio 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Poly Trio是美国Poly公司的一款Trio系列的商务会议电话。 Poly CCX和Trio存在安全漏洞,该漏洞源于Web Interface组件存在安全漏洞。受影响的产品和版本:Poly CCX 400版本,CCX 600版本,Trio 8800版本,Trio C60版本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2023-4466
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-4466
请登录查看更多情报信息。
Same Patch Batch · Poly · 2023-12-29 · 7 CVEs total
| CVE-2023-4464 | 7.2 HIGH | Poly VVX 601 Diagnostic Telnet Mode os command injection |
| CVE-2023-4467 | 6.2 MEDIUM | Poly Trio 8800 Test Automation Mode backdoor |
| CVE-2023-4463 | 5.3 MEDIUM | Poly CCX 400/CCX 600/Trio 8800/Trio C60 HTTP Header denial of service |
| CVE-2023-4468 | 4.3 MEDIUM | Poly Trio 8500/Trio 8800/Trio C60 Poly Lens Management Cloud Registration authorization |
| CVE-2023-4462 | 3.7 LOW | Poly VVX 601 Web Configuration Application random values |
| CVE-2023-4465 | 2.7 LOW | Poly VVX 601 Configuration File Import unverified password change |
IV. Related Vulnerabilities
Same vendor: Poly
- CVE-2024-6147
Poly Plantronics Hub Link Following Local Privilege Escalati - CVE-2023-4468
Poly Trio 8500/Trio 8800/Trio C60 Poly Lens Management Cloud - CVE-2023-4467
Poly Trio 8800 Test Automation Mode backdoor - CVE-2023-4465
Poly VVX 601 Configuration File Import unverified password c - CVE-2023-4464
Poly VVX 601 Diagnostic Telnet Mode os command injection
Same weakness: CWE-693
- CVE-2026-26956
vm2: WASM Sandbox Escape (Node 25 only) - CVE-2026-24120
vm2: Sandbox Breakout Through Promise Species - CVE-2026-41316
ERB has an @_init deserialization guard bypass via def_modul - CVE-2026-41469
Beghelli Sicuro24 SicuroWeb Missing Content Security Policy - CVE-2026-40604
ClearanceKit: opfilter system extension can be suspended or
V. Comments for CVE-2023-4466
No comments yet