CVE-2023-22957

7.5 HIGH

📋 TL;DR

This vulnerability allows attackers with access to backup or configuration files to decrypt sensitive information using a hard-coded cryptographic key in AudioCodes VoIP desk phones. Affected organizations using these phones could have device root passwords and other encrypted data exposed. The issue affects AudioCodes VoIP desk phones through version 3.4.4.1000.

💻 Affected Systems

Products:
  • AudioCodes VoIP desk phones
Versions: Through 3.4.4.1000
Operating Systems: Embedded phone firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices using the vulnerable libac_des3.so library are affected regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain root access to VoIP phones, potentially compromising entire phone systems, intercepting calls, or using phones as footholds into corporate networks.

🟠 Likely Case

Attackers with physical or network access to configuration files decrypt root passwords and gain administrative control over individual phones.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to individual phone compromise without lateral movement.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to backup or configuration files, which may be obtained through physical access, network compromise, or insecure file transfers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 3.4.4.1000

Vendor Advisory: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-052.txt

Restart Required: Yes

Instructions:

1. Contact AudioCodes for updated firmware.
2. Back up phone configurations.
3. Apply the firmware update via the management interface.
4. Restart phones.
5. Verify the new firmware version.

🔧 Temporary Workarounds

Restrict configuration file access

Applies to: all

Limit access to phone configuration and backup files to authorized administrators only.

Network segmentation

Applies to: all

Isolate VoIP phones on separate VLANs with strict firewall rules.

🧯 If You Can't Patch

  • Physically secure phones to prevent unauthorized access to configuration interfaces
  • Monitor network traffic to/from phones for unusual configuration file transfers

🔍 How to Verify

Check if Vulnerable:

Check the firmware version via the phone web interface or console. If the version is 3.4.4.1000 or earlier, the device is vulnerable.

Check Version:

Check via the phone web interface under System Information, or via a console command depending on the model.

Verify Fix Applied:

Verify that the firmware version is newer than 3.4.4.1000 and test that encrypted values in configuration files can no longer be decrypted with the known hard-coded key.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access to configuration files
  • Multiple failed login attempts to phone admin interface
  • Unexpected firmware version changes

Network Indicators:

  • Unusual TFTP/FTP transfers to/from phones
  • Configuration file downloads from unauthorized sources

SIEM Query:

source="voip_phones" AND (event="config_download" OR event="firmware_update") AND user!="authorized_admin"
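The version check from "How to Verify" and the SIEM query above, as an added Python example that is not part of this page or of any AudioCodes tooling. It generalizes the query's single `user!="authorized_admin"` clause to an allowlist of users; the log layout, field names and sample lines are constructed for the example.

```python
import re

# Firmware versions up to and including this one are listed as affected on this page.
LAST_VULNERABLE_VERSION = "3.4.4.1000"

# Events the page's SIEM query watches; the allowlist stands in for "authorized_admin" (assumption).
WATCHED_EVENTS = {"config_download", "firmware_update"}
AUTHORIZED_USERS = {"authorized_admin"}

# Constructed sample log lines in a key="value" layout (not real device logs).
SAMPLE_LOGS = [
    'source="voip_phones" event="config_download" user="authorized_admin" phone="10.0.5.21"',
    'source="voip_phones" event="config_download" user="helpdesk" phone="10.0.5.22"',
    'source="voip_phones" event="firmware_update" user="contractor" phone="10.0.5.23"',
    'source="voip_phones" event="login_failed" user="contractor" phone="10.0.5.23"',
    'source="switches" event="config_download" user="netops" phone="n/a"',
]

_KV = re.compile(r'(\w+)="([^"]*)"')


def parse_version(version: str) -> tuple:
    """Turn '3.4.4.1000' into (3, 4, 4, 1000) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.strip().split("."))

def is_vulnerable(version: str) -> bool:
    """True when the firmware is 3.4.4.1000 or earlier (the affected range on this page)."""
    return parse_version(version) <= parse_version(LAST_VULNERABLE_VERSION)

def parse_log(line: str) -> dict:
    """Split one key="value" log line into a dict."""
    return dict(_KV.findall(line))

def suspicious_events(lines, authorized=AUTHORIZED_USERS):
    """Apply the page's SIEM query: voip_phones source, watched event, user not on the allowlist."""
    hits = []
    for line in lines:
        rec = parse_log(line)
        if (rec.get("source") == "voip_phones"
                and rec.get("event") in WATCHED_EVENTS
                and rec.get("user") not in authorized):
            hits.append(rec)
    return hits

if __name__ == "__main__":
    for fw in ("3.4.4.1000", "3.4.4.999", "3.4.5.100"):
        print(fw, "vulnerable" if is_vulnerable(fw) else "patched")
    for hit in suspicious_events(SAMPLE_LOGS):
        print("ALERT", hit["event"], "by", hit["user"], "on", hit["phone"])
```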
