CVE-2023-4463: Poly CCX 400/CCX 600/Trio 8800/Trio C60 HTTP Header denial of service
First published: Fri Dec 29 2023(Updated: )
A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249256.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Poly CCX 400 firmware | ||
| Poly CCX 400 firmware | ||
| All of | ||
| Zoom Poly CCX 600 Firmware | ||
| Zoom Poly CCX 600 Firmware | ||
| All of | ||
| Poly Trio 8800 firmware | ||
| Poly Trio 8800 firmware | ||
| All of | ||
| Poly Trio C60 firmware | ||
| Poly Trio C60 firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html
- https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices
- https://modzero.com/en/advisories/mz-23-01-poly-voip/
- https://modzero.com/en/blog/multiple-vulnerabilities-in-poly-products/
- https://vuldb.com/?ctiid.249256
- https://vuldb.com/?id.249256
Frequently Asked Questions
What is the severity of CVE-2023-4463?
CVE-2023-4463 is classified as a problematic vulnerability.
How does CVE-2023-4463 affect systems?
CVE-2023-4463 can lead to a denial of service through the manipulation of the Cookie argument in HTTP headers.
Which devices are affected by CVE-2023-4463?
CVE-2023-4463 impacts Poly CCX 400, CCX 600, Trio 8800, and Trio C60 devices.
Can CVE-2023-4463 be exploited remotely?
Yes, the attack vector for CVE-2023-4463 can be initiated remotely.
What is a potential impact of CVE-2023-4463?
The primary impact of CVE-2023-4463 is a denial of service condition that can disrupt device functionality.
- agent/type
- agent/first-publish-date
- agent/severity
- agent/title
- agent/weakness
- agent/author
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/poly
- canonical/poly ccx 400 firmware
- canonical/zoom poly ccx 600 firmware
- canonical/poly trio 8800 firmware
- canonical/poly trio c60 firmware