Privilege escalation : Grandstream IP Phones GXP14xx <= 1.0.8.9 / GXP16xx <= 1.0.7.70 Privilege Escalation Vulnerability

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.114417

Kategorie: Privilege escalation

Titel: Grandstream IP Phones GXP14xx <= 1.0.8.9 / GXP16xx <= 1.0.7.70 Privilege Escalation Vulnerability

Zusammenfassung: Grandstream GXP14xx and GXP16xx Series IP phones are prone to a; privilege escalation vulnerability.

Beschreibung: Summary:
Grandstream GXP14xx and GXP16xx Series IP phones are prone to a
privilege escalation vulnerability.

Vulnerability Insight:
The flaw allows remote attackers to escalate privileges via
incorrect access control using an end-user session-identity token.

Affected Software/OS:
- Grandstream GXP14xx Series with firmware version 1.0.8.9 and
prior

- Grandstream GXP16xx Series with firmware version 1.0.7.70 and prior

Solution:
No known solution was made available for at least one year since
the disclosure of this vulnerability. Likely none will be provided anymore. General solution options
are to upgrade to a newer release, disable respective features, remove the product or replace the
product by another one.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:L/Au:S/C:N/I:C/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2023-50015
https://github.com/n0obit4/Vulnerability_Disclosure/tree/main/CVE-2023-50015

Copyright Copyright (C) 2024 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.114417
Kategorie:	Privilege escalation
Titel:	Grandstream IP Phones GXP14xx <= 1.0.8.9 / GXP16xx <= 1.0.7.70 Privilege Escalation Vulnerability
Zusammenfassung:	Grandstream GXP14xx and GXP16xx Series IP phones are prone to a; privilege escalation vulnerability.
Beschreibung:	Summary: Grandstream GXP14xx and GXP16xx Series IP phones are prone to a privilege escalation vulnerability. Vulnerability Insight: The flaw allows remote attackers to escalate privileges via incorrect access control using an end-user session-identity token. Affected Software/OS: - Grandstream GXP14xx Series with firmware version 1.0.8.9 and prior - Grandstream GXP16xx Series with firmware version 1.0.7.70 and prior Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 6.8 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:C/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2023-50015 https://github.com/n0obit4/Vulnerability_Disclosure/tree/main/CVE-2023-50015
Copyright	Copyright (C) 2024 Greenbone AG