Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
AudioCodes Fax/IVR Appliance <= 2.6.23 World-Writable Webroot LPE
Vulnerability Description
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 configure the web document root at C:\\F2MAdmin\\F2E with overly permissive file system permissions. Authenticated local users have modify rights on this directory, while the associated web server process runs as NT AUTHORITY\\SYSTEM. As a result, any local user can create or alter server-side scripts within the webroot and then trigger them via HTTP requests, causing arbitrary code to execute with SYSTEM privileges.
CVSS Information
N/A
Vulnerability Type
缺省权限不正确
Vulnerability Title
AudioCodes Fax Server 安全漏洞
Vulnerability Description
AudioCodes Fax Server是以色列AudioCodes公司的一个传真服务器。 AudioCodes Fax Server 2.6.23及之前版本存在安全漏洞,该漏洞源于过度宽松的文件系统权限,可能导致任意代码执行。
CVSS Information
N/A
Vulnerability Type
N/A