CVE-2024-48197 PoC — AudioCodes MP-202B 安全漏洞

Source

https://github.com/GCatt-AS/CVE-2024-48197

Associated Vulnerability

Title:AudioCodes MP-202B 安全漏洞 (CVE-2024-48197)
Description:AudioCodes MP-202B是以色列AudioCodes公司的一个模拟 VoIP 适配器。用于连接 POTS 电话或传真机。 AudioCodes MP-202B v.4.4.3版本存在安全漏洞，该漏洞源于存在跨站脚本漏洞，允许远程攻击者通过Web界面的登录页面提升权限。

Description

Reflected XSS in AudioCodes MP-202b

Readme

# CVE-2024-48197
Reflected XSS in AudioCodes MP-202b
# [Description]
 Cross Site Scripting vulnerability in Audiocodes MP-202b v.4.4.3 allows a remote attacker to escalate privileges via the login page of 
 the web interface.

# [Additional Information]
 N/A

# [Vulnerability Type]
 Cross Site Scripting (XSS) Reflected

# [Vendor of Product]
> Audiocodes

# [Affected Product Code Base]
> MP-202b - 4.4.3 

# [Affected Component]
> Login page of the web interface for the device

# [Attack Type]
> Remote

# [Impact Escalation of Privileges]
> true

# [Attack Vectors]
> A user must be coerced into logging into the application with a specially crafted URL supplied. The specially crafted URL can then be used to capture login details.

# [Discovered By]
Gareth C - AnchorSec

File Snapshot


 [4.0K]  /data/pocs/a45f552fdf52cd798fe8233e08580f864337ed2a
└── [ 778]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!