CVE-2023-4465

Public Exploit
Poly VVX 601 Configuration File Import unverified password change

Description

A vulnerability, which was classified as problematic, was found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. Affected is an unknown function of the component Configuration File Import. The manipulation of the argument device.auth.localAdminPassword leads to unverified password change. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249258 is the identifier assigned to this vulnerability.

Category

2.7
CVSS
Severity: Low
CVSS 3.1 •
CVSS 2.0 •
EPSS 0.11%
Third-Party Advisory vuldb.com Third-Party Advisory vuldb.com
Affected: Poly Trio 8300
Affected: Poly Trio 8500
Affected: Poly Trio 8800
Affected: Poly Trio C60
Affected: Poly CCX 350
Affected: Poly CCX 400
Affected: Poly CCX 500
Affected: Poly CCX 505
Affected: Poly CCX 600
Affected: Poly CCX 700
Affected: Poly EDGE E100
Affected: Poly EDGE E220
Affected: Poly EDGE E300
Affected: Poly EDGE E320
Affected: Poly EDGE E350
Affected: Poly EDGE E400
Affected: Poly EDGE E450
Affected: Poly EDGE E500
Affected: Poly EDGE E550
Affected: Poly VVX 101
Affected: Poly VVX 150
Affected: Poly VVX 201
Affected: Poly VVX 250
Affected: Poly VVX 300
Affected: Poly VVX 301
Affected: Poly VVX 310
Affected: Poly VVX 311
Affected: Poly VVX 350
Affected: Poly VVX 400
Affected: Poly VVX 401
Affected: Poly VVX 410
Affected: Poly VVX 411
Affected: Poly VVX 450
Affected: Poly VVX 500
Affected: Poly VVX 501
Affected: Poly VVX 600
Affected: Poly VVX 601
Published at:
Updated at:

References

Link Tags
https://vuldb.com/?id.249258 third party advisory vdb entry technical description
https://vuldb.com/?ctiid.249258 signature third party advisory vdb entry permissions required
https://modzero.com/en/advisories/mz-23-01-poly-voip/ related
https://support.hp.com/us-en/document/ish_9929371-9929407-16/hpsbpy03899 related
https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices exploit
https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html not applicable related

Frequently Asked Questions

What is the severity of CVE-2023-4465?
CVE-2023-4465 has been scored as a low severity vulnerability.
How to fix CVE-2023-4465?
To fix CVE-2023-4465, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-4465 being actively exploited in the wild?
It is possible that CVE-2023-4465 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-4465?
CVE-2023-4465 affects Poly Trio 8300, Poly Trio 8500, Poly Trio 8800, Poly Trio C60, Poly CCX 350, Poly CCX 400, Poly CCX 500, Poly CCX 505, Poly CCX 600, Poly CCX 700, Poly EDGE E100, Poly EDGE E220, Poly EDGE E300, Poly EDGE E320, Poly EDGE E350, Poly EDGE E400, Poly EDGE E450, Poly EDGE E500, Poly EDGE E550, Poly VVX 101, Poly VVX 150, Poly VVX 201, Poly VVX 250, Poly VVX 300, Poly VVX 301, Poly VVX 310, Poly VVX 311, Poly VVX 350, Poly VVX 400, Poly VVX 401, Poly VVX 410, Poly VVX 411, Poly VVX 450, Poly VVX 500, Poly VVX 501, Poly VVX 600, Poly VVX 601.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.