CVE-2023-4467— Poly Trio 8800 Test Automation Mode backdoor
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-4467
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Poly Trio 8800 Test Automation Mode backdoor
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was found in Poly Trio 8800 7.2.6.0019 and classified as critical. Affected by this issue is some unknown functionality of the component Test Automation Mode. The manipulation leads to backdoor. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249260.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
隐藏功能
Source: NVD (National Vulnerability Database)
Vulnerability Title
Poly Trio 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Poly Trio是美国Poly公司的一款Trio系列的商务会议电话。 Poly Trio 8800 7.2.6.0019版本存在安全漏洞,该漏洞源于Test Automation Mode组件存在安全漏洞。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2023-4467
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-4467
请登录查看更多情报信息。
Same Patch Batch · Poly · 2023-12-29 · 7 CVEs total
| CVE-2023-4464 | 7.2 HIGH | Poly VVX 601 Diagnostic Telnet Mode os command injection |
| CVE-2023-4463 | 5.3 MEDIUM | Poly CCX 400/CCX 600/Trio 8800/Trio C60 HTTP Header denial of service |
| CVE-2023-4468 | 4.3 MEDIUM | Poly Trio 8500/Trio 8800/Trio C60 Poly Lens Management Cloud Registration authorization |
| CVE-2023-4462 | 3.7 LOW | Poly VVX 601 Web Configuration Application random values |
| CVE-2023-4465 | 2.7 LOW | Poly VVX 601 Configuration File Import unverified password change |
| CVE-2023-4466 | 2.7 LOW | Poly CCX 400/CCX 600/Trio 8800/Trio C60 Web Interface protection mechanism |
IV. Related Vulnerabilities
Same vendor: Poly
- CVE-2024-6147
Poly Plantronics Hub Link Following Local Privilege Escalati - CVE-2023-4468
Poly Trio 8500/Trio 8800/Trio C60 Poly Lens Management Cloud - CVE-2023-4466
Poly CCX 400/CCX 600/Trio 8800/Trio C60 Web Interface protec - CVE-2023-4465
Poly VVX 601 Configuration File Import unverified password c - CVE-2023-4464
Poly VVX 601 Diagnostic Telnet Mode os command injection
Same weakness: CWE-912
V. Comments for CVE-2023-4467
No comments yet