Critical Vulnerability Information Vulnerability Title Title: 8 vulnerabilities in AudioCodes Fax/IVR Appliance Vulnerability Types and CVE IDs Pre-authenticated Remote Code Execution #1: CVE-2025-34328 Pre-authenticated Remote Code Execution #2: CVE-2025-34329 Pre-authenticated File Upload: CVE-2025-34330 Local Privilege Escalation #1: CVE-2025-34331 Local Privilege Escalation #2: CVE-2025-34332 Post-authenticated Command Injection & Local Privilege Escalation: CVE-2025-34333 Post-authenticated Command Injection: CVE-2025-34335 Affected Scope Vulnerable versions: All versions. Vulnerability Description and Impact Pre-authenticated Remote Code Execution: - Unauthenticated remote attackers can execute arbitrary code in the context of the running service. - The vulnerability is located in the file . Pre-authenticated File Upload: - Unauthenticated attackers can upload arbitrary files. - The vulnerability is located in the file . Local Privilege Escalation: - Attackers can exploit this vulnerability to escalate privileges from local user to system level. - Improper file permission configuration allows low-privileged users to modify and execute certain batch files. Post-authenticated Command Injection: - Authenticated users can exploit command injection vulnerabilities to execute system commands. Vulnerability Testing and Exploitation RCE Test: - Exploited using a command via HTTP to execute a payload on the specified PHP file. - Successfully executed commands and returned system information with privileges. File Upload Test: - Successfully uploaded a file to the target system. - Detailed file path and permissions confirmed the existence of the vulnerability. Security Recommendations It is not recommended to use AudioCodes Fax/IVR Appliance. Pay attention to permission management and file upload security; patch known vulnerabilities. Regularly review system logs to detect and prevent potential attacks. Report Timeline and Publisher Information The report timeline details the discovery of vulnerabilities, vendor contact, vendor response, and the release of security advisories. Information published by Pierre Kim, including detailed analysis and exploitation examples for the related vulnerabilities.