Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
AudioCodes Fax/IVR Appliance <= 2.6.23 Insecure Service Control Scripts LPE
Vulnerability Description
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component that controls back-end Windows services using helper batch scripts located under C:\\F2MAdmin\\F2E\\AudioCodes_files\\utils\\Services. When certain service actions are requested through ajaxPost.php, these scripts are invoked by PHP using system() under the NT AUTHORITY\\SYSTEM account. The batch files in this directory are writable by any authenticated local user due to overly permissive ACLs, allowing them to replace script contents with arbitrary commands. On the next service start/stop operation, the modified script is executed as SYSTEM, enabling elevation of local privileges.
CVSS Information
N/A
Vulnerability Type
缺省权限不正确
Vulnerability Title
AudioCodes Fax Server 安全漏洞
Vulnerability Description
AudioCodes Fax Server是以色列AudioCodes公司的一个传真服务器。 AudioCodes Fax Server 2.6.23及之前版本存在安全漏洞,该漏洞源于可写的批处理脚本,可能导致本地权限提升。
CVSS Information
N/A
Vulnerability Type
N/A