Multiple vulnerabilities in Akuvox E11



Risk High
Patch available NO
Number of vulnerabilities 13
CVE-ID CVE-2023-0348
CVE-2023-0351
CVE-2023-0354
CVE-2023-0353
CVE-2023-0349
CVE-2023-0355
CVE-2023-0352
CVE-2023-0350
CVE-2023-0347
CVE-2023-0346
CVE-2023-0345
CVE-2023-0344
CVE-2023-0343
CWE-ID CWE-284
CWE-77
CWE-306
CWE-257
CWE-862
CWE-321
CWE-640
CWE-646
CWE-200
CWE-287
CWE-798
CWE-912
CWE-329
Exploitation vector Network
Public exploit N/A
Vulnerable software
Akuvox E11
Hardware solutions / Other hardware appliances

Vendor Akuvox

Security Bulletin

This security bulletin contains information about 13 vulnerabilities.

1) Improper access control

EUVDB-ID: #VU73252

Risk: Medium

CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-0348

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to sensitive information on the system.

The vulnerability exists due to improper access restrictions within SIP calls. A remote attacker can activate the camera and microphone and contact any device within Akuvox to call any other device.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Akuvox E11: All versions

CPE2.3 External links

http://claroty.com/team82/blog/akuvox-smart-intercom-vulnerabilities-leave-privacy-ajar
http://claroty.com/team82/research/the-silent-spy-among-us-modern-attacks-against-smart-intercoms


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Command Injection

EUVDB-ID: #VU73251

Risk: Medium

CVSSv3.1: 8.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-0351

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation in the device phone-book contacts functionality in the "call log" page. A remote attacker on the local network can pass specially crafted data to the application and execute arbitrary commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Akuvox E11: All versions

CPE2.3 External links

http://claroty.com/team82/blog/akuvox-smart-intercom-vulnerabilities-leave-privacy-ajar
http://claroty.com/team82/research/the-silent-spy-among-us-modern-attacks-against-smart-intercoms


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Missing Authentication for Critical Function

EUVDB-ID: #VU73250

Risk: Medium

CVSSv3.1: 8.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-0354

CWE-ID: CWE-306 - Missing Authentication for Critical Function

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to missing authentication for a critical function. A remote attacker on the local network can execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Akuvox E11: All versions

CPE2.3 External links

http://claroty.com/team82/blog/akuvox-smart-intercom-vulnerabilities-leave-privacy-ajar
http://claroty.com/team82/research/the-silent-spy-among-us-modern-attacks-against-smart-intercoms


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Storing passwords in a recoverable format

EUVDB-ID: #VU73253

Risk: Medium

CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-0353

CWE-ID: CWE-257 - Storing Passwords in a Recoverable Format

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to the affected product uses a weak encryption algorithm for stored passwords and a hard-coded password for decryption. A remote attacker can cause the encrypted passwords to be decrypted from the configuration file.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Akuvox E11: All versions

CPE2.3 External links

http://claroty.com/team82/research/the-silent-spy-among-us-modern-attacks-against-smart-intercoms


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Missing Authorization

EUVDB-ID: #VU73254

Risk: Medium

CVSSv3.1: 6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-0349

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists due to a missing permission check in libvoice library. A remote attacker on the local network can view and record image and video from the camera.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Akuvox E11: All versions

CPE2.3 External links

http://claroty.com/team82/research/the-silent-spy-among-us-modern-attacks-against-smart-intercoms


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use of Hard-coded Cryptographic Key

EUVDB-ID: #VU73255

Risk: Medium

CVSSv3.1: 6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-0355

CWE-ID: CWE-321 - Use of Hard-coded Cryptographic Key

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a hard-coded cryptographic key. A remote attacker on the local network can decrypt sensitive information.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Akuvox E11: All versions

CPE2.3 External links

http://claroty.com/team82/research/the-silent-spy-among-us-modern-attacks-against-smart-intercoms


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Weak Password Recovery Mechanism for Forgotten Password

EUVDB-ID: #VU73256

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-0352

CWE-ID: CWE-640 - Weak password recovery mechanism

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a weak password recovery mechanism for forgotten password. A remote attacker can download the device key file and reset the password back to the default.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Akuvox E11: All versions

CPE2.3 External links

http://claroty.com/team82/research/the-silent-spy-among-us-modern-attacks-against-smart-intercoms


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Reliance on File Name or Extension of Externally-Supplied File

EUVDB-ID: #VU73257

Risk: High

CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-0350

CWE-ID: CWE-646 - Reliance on File Name or Extension of Externally-Supplied File

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to the affected product does not ensure that a file extension is associated with the file provided. A remote attacker can change the extension of a malicious file to an accepted file type and upload a file to the device.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Akuvox E11: All versions

CPE2.3 External links

http://claroty.com/team82/research/the-silent-spy-among-us-modern-attacks-against-smart-intercoms


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Information disclosure

EUVDB-ID: #VU73258

Risk: Medium

CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-0347

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker can identify the device on the Akuvox cloud.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Akuvox E11: All versions

CPE2.3 External links

http://claroty.com/team82/research/the-silent-spy-among-us-modern-attacks-against-smart-intercoms


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper Authentication

EUVDB-ID: #VU73259

Risk: High

CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-0346

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error when cloud login is performed through an unencrypted HTTP connection. A remote attacker can gain access to the Akuvox cloud and device if the MAC address of a device is known.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Akuvox E11: All versions

CPE2.3 External links

http://claroty.com/team82/research/the-silent-spy-among-us-modern-attacks-against-smart-intercoms


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use of hard-coded credentials

EUVDB-ID: #VU73260

Risk: High

CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-0345

CWE-ID: CWE-798 - Use of Hard-coded Credentials

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain full access to vulnerable system.

The vulnerability exists due to presence of hard-coded credentials in application code within the secure shell (SSH) server. A remote attacker can access the affected system using the hard-coded credentials.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Akuvox E11: All versions

CPE2.3 External links

http://claroty.com/team82/research/the-silent-spy-among-us-modern-attacks-against-smart-intercoms


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Hidden functionality

EUVDB-ID: #VU73261

Risk: High

CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-0344

CWE-ID: CWE-912 - Hidden Functionality (Backdoor)

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system

The vulnerability exists due to the affected software uses a custom version of dropbear SSH server. A remote attacker can use this functionality to gain full access to the application and compromise the affected system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Akuvox E11: All versions

CPE2.3 External links

http://claroty.com/team82/research/the-silent-spy-among-us-modern-attacks-against-smart-intercoms


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Not Using an Unpredictable IV with CBC Mode

EUVDB-ID: #VU73262

Risk: Medium

CVSSv3.1: 6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-0343

CWE-ID: CWE-329 - Not Using an Unpredictable IV with CBC Mode

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the affected product contains a function that encrypts messages which are then forwarded. A remote attacker on the local network can decrypt messages.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Akuvox E11: All versions

CPE2.3 External links

http://claroty.com/team82/research/the-silent-spy-among-us-modern-attacks-against-smart-intercoms


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###