CVE-2024-52882
📋 TL;DR
This cross-site scripting (XSS) vulnerability in AudioCodes One Voice Operations Center allows attackers to inject malicious JavaScript via the devices API. When exploited against logged-in administrator sessions, it enables session hijacking, credential theft, or unauthorized administrative actions. Organizations running OVOC versions before 8.4.582 are affected.
💻 Affected Systems
- AudioCodes One Voice Operations Center (OVOC)
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the OVOC management system, allowing attackers to steal administrator credentials, modify configurations, deploy malicious firmware, or pivot to other network systems.
Likely Case
Session hijacking leading to unauthorized administrative access, configuration changes, or data exfiltration from the management interface.
If Mitigated
Limited impact with proper network segmentation, admin session timeouts, and web application firewalls blocking malicious payloads.
🎯 Exploit Status
XSS vulnerabilities are commonly weaponized, though this requires targeting authenticated administrator sessions.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 8.4.582
Vendor Advisory: https://www.audiocodes.com/solutions-products/products/management-products-solutions/one-voice-operations-center
Restart Required: Yes
Instructions:
1. Back up the current configuration.
2. Download OVOC version 8.4.582 or later from the AudioCodes support portal.
3. Follow the AudioCodes upgrade documentation for your deployment.
4. Verify the upgrade succeeded and that functionality is intact.
🔧 Temporary Workarounds
Web Application Firewall (WAF)
Deploy WAF rules to block XSS payloads targeting the devices API endpoint
Network Segmentation
Restrict access to the OVOC management interface to trusted administrative networks only
🧯 If You Can't Patch
- Implement strict Content Security Policy (CSP) headers to prevent script execution from untrusted sources
- Enforce short session timeouts and multi-factor authentication for administrator accounts
🔍 How to Verify
Check if Vulnerable:
Check the OVOC version via the web interface or system logs; if the version is below 8.4.582, the system is vulnerable
Check Version:
Check the web interface login page or the system administration panel for version information
Verify Fix Applied:
Confirm the version is 8.4.582 or higher, then test the devices API endpoint with safe, non-executing XSS test strings to confirm they are encoded rather than reflected
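A version check that compares numeric fields rather than strings, added here as an example and not part of the advisory or of any AudioCodes tooling. It assumes OVOC reports its version as dotted integers (for instance "8.4.582", possibly with a trailing build field or a "v" prefix); comparing such strings lexically would wrongly treat "8.4.60" as newer than "8.4.582".

```python
import re

# Fixed version stated in the advisory
FIXED_VERSION = "8.4.582"

# Assumed version formats: "8.4.582", "8.4.582.12", "v8.4.582-build7".
# Only the leading dotted numeric fields are compared.
_VERSION_RE = re.compile(r"^v?(\d+(?:\.\d+)*)")


def parse_version(text):
    """Return the version as a tuple of ints, e.g. '8.4.582' -> (8, 4, 582)."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(field) for field in match.group(1).split("."))


def is_vulnerable(reported_version, fixed_version=FIXED_VERSION):
    """True when the reported version is older than the fixed version.

    Tuple comparison is numeric per field, so (8, 4, 60) < (8, 4, 582),
    whereas string comparison would give '8.4.60' > '8.4.582'.
    """
    return parse_version(reported_version) < parse_version(fixed_version)


if __name__ == "__main__":
    for sample in ("8.4.60", "8.4.582", "v8.4.582-build7", "8.4.582.12", "8.4.581"):
        status = "VULNERABLE" if is_vulnerable(sample) else "fixed"
        print(f"{sample:>16}: {status}")
```

Run it against the version string shown on the login page or administration panel; any result other than "fixed" means the upgrade still has to happen.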
📡 Detection & Monitoring
Log Indicators:
- Unusual JavaScript payloads in API requests
- Multiple failed login attempts followed by successful admin login
- Unexpected configuration changes
Network Indicators:
- Suspicious HTTP requests to /api/devices endpoint containing script tags or JavaScript code
- Unusual outbound connections from OVOC server
SIEM Query:
source="ovoc" AND (http_uri="/api/devices" AND (http_query CONTAINS "<script>" OR http_query CONTAINS "javascript:"))
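The SIEM query above is case-sensitive and matches only literal "<script>" and "javascript:", so a URL-encoded or mixed-case payload in the query string slips past it. The following script is an added example, not part of the advisory or of OVOC, of the same detection logic run over access-log lines with the normalisation a practitioner would want: the request target is URL-decoded twice (to catch double-encoded payloads) and lower-cased before matching, and only requests to the devices API path are considered. The log lines and the "/api/devices" path are constructed for the example.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined-style format); not from a real deployment.
SAMPLE_LOG = """\
10.0.0.5 - admin [12/Nov/2024:10:01:02 +0000] "GET /api/devices?name=site-a HTTP/1.1" 200 512
10.0.0.9 - - [12/Nov/2024:10:01:07 +0000] "GET /api/devices?name=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 640
10.0.0.9 - - [12/Nov/2024:10:01:09 +0000] "POST /api/devices HTTP/1.1" 201 88
10.0.0.9 - - [12/Nov/2024:10:01:15 +0000] "GET /api/devices?desc=JAVASCRIPT%3Aalert(1) HTTP/1.1" 200 640
10.0.0.9 - - [12/Nov/2024:10:01:20 +0000] "GET /api/devices?q=%253Cscript%253E HTTP/1.1" 200 640
10.0.0.7 - - [12/Nov/2024:10:02:00 +0000] "GET /api/status?q=%3Cscript%3E HTTP/1.1" 200 120
"""

# Extracts method and request target from the quoted request line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Markers from the advisory's SIEM query, lower-cased; "<script" also matches "<script>".
XSS_MARKERS = ("<script", "javascript:")

# Assumed path of the devices API endpoint (taken from the advisory's network indicators).
WATCHED_PATH = "/api/devices"


def normalise_target(target):
    """URL-decode twice (double-encoded payloads) and lower-case for case-insensitive matching."""
    decoded = target
    for _ in range(2):
        decoded = unquote(decoded)
    return decoded.lower()


def flag_request(line, watched_path=WATCHED_PATH):
    """Return the list of XSS markers found in a request to the watched path, or None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    target = normalise_target(match.group("target"))
    path = target.split("?", 1)[0]
    if not path.startswith(watched_path):
        return None
    hits = [marker for marker in XSS_MARKERS if marker in target]
    return hits or None


def scan_log(text):
    """Return (line_number, markers) for every flagged request in the log text."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        hits = flag_request(line)
        if hits:
            findings.append((number, hits))
    return findings


if __name__ == "__main__":
    for number, hits in scan_log(SAMPLE_LOG):
        print(f"line {number}: suspicious request to {WATCHED_PATH}, markers={hits}")
```

Only the request line is inspected, so a payload carried in a POST body is invisible to an access-log scan; for that, enable request-body logging at the WAF or reverse proxy and feed those records through the same normalisation. Line 6 in the sample is deliberately not flagged because it targets a different path, which keeps the rule focused on the endpoint named in the advisory.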