Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions are processed. Since these frequencies are accepted within a phone call, an attacker can record these frequencies and use them for service activations. This is a request-forgery issue when the required series of DTMF signals for a service activation is predictable (e.g., the IVR system does not speak a nonce to the caller). In this case, the IVR system accepts an activation request from a less-secure channel (any loudspeaker in the caller's physical environment) without verifying that the request was intended (it matches a nonce sent over a more-secure channel to the caller's earpiece).
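The difference between a predictable activation sequence and one bound to a per-call spoken nonce, as an added example that is not code from the advisory or from HCL. The activation sequence, nonce length, attempt limit and the `IvrCall` class are all hypothetical.

```python
import hmac
import secrets

ACTIVATION = "*21#"   # constructed activation sequence, not a real HCL code
NONCE_LEN = 4         # assumed nonce length
MAX_FAILURES = 3      # assumed per-call attempt limit


class IvrCall:
    """State for one call. With require_nonce, the IVR speaks self.nonce to the earpiece."""

    def __init__(self, require_nonce, nonce=None):
        self.require_nonce = require_nonce
        self.nonce = None
        if require_nonce:
            # Fresh per call; the optional argument exists only for deterministic tests.
            self.nonce = nonce or "".join(
                secrets.choice("0123456789") for _ in range(NONCE_LEN))
        self.failures = 0
        self.consumed = False

    def handle_dtmf(self, digits):
        """Return True when the activation request is accepted."""
        if not self.require_nonce:
            # Legacy behaviour from the description: a fixed sequence is enough.
            return digits == ACTIVATION
        if self.consumed or self.failures >= MAX_FAILURES:
            return False
        expected = ACTIVATION + self.nonce
        if hmac.compare_digest(digits.encode(), expected.encode()):
            self.consumed = True   # one activation per spoken nonce
            return True
        self.failures += 1
        return False


def replay_outcomes():
    """Tones recorded on one call are presented to a later call, for both designs."""
    recorded_legacy = ACTIVATION
    legacy_later_call = IvrCall(require_nonce=False)
    first = IvrCall(require_nonce=True, nonce="4821")   # constructed nonce
    recorded_bound = ACTIVATION + first.nonce
    intended = first.handle_dtmf(recorded_bound)         # the caller who heard the nonce
    later = IvrCall(require_nonce=True, nonce="0937")   # constructed nonce
    return {
        "intended": intended,
        "legacy_replay": legacy_later_call.handle_dtmf(recorded_legacy),
        "nonce_replay": later.handle_dtmf(recorded_bound),
        "same_call_reuse": first.handle_dtmf(recorded_bound),
    }
```

A short numeric nonce only holds up when it is single-use and guesses are limited per call, which is why the sketch tracks both.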
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
HCL legacy IVR system security vulnerability
Vulnerability Description
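HCL legacy IVR systems is an interactive voice response system. A security vulnerability exists in HCL legacy IVR systems; it stems from the program relying on audio signals to execute commands and functions. An attacker can exploit this vulnerability to activate services or obtain sensitive information.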
CVSS Information
N/A
Vulnerability Type
N/A