CVE-2025-34334
中文标题:
(暂无数据)
英文标题:
AudioCodes Fax/IVR Appliance <= 2.6.23 Authenticated Command Injection via TestFax.php & LPE
漏洞描述
中文描述:
(暂无数据)
英文描述:
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 are vulnerable to an authenticated command injection in the fax test functionality implemented by AudioCodes_files/TestFax.php. When a fax "send" test is requested, the application builds a faxsender command line using attacker-supplied parameters and passes it to GlobalUtils::RunBatchFile without proper validation or shell-argument sanitization. The resulting batch file is written into a temporary run directory and then executed via a backend service that runs as NT AUTHORITY\\SYSTEM. An authenticated attacker with access to the fax test interface can craft parameter values that inject additional shell commands into the generated batch file, leading to arbitrary command execution with SYSTEM privileges. In addition, because the generated batch files reside in a location with overly permissive file system permissions, a local low-privilege user on the server can modify pending batch files to achieve the same elevation.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| AudioCodes Limited | AudioCodes Fax/IVR Appliance | - | ≤ 2.6.23 | - |
cpe:2.3:a:audiocodes_limited:audiocodes_fax_ivr_appliance:*:*:*:*:*:*:*:*
|
| audiocodes | fax_server | * | - | - |
cpe:2.3:a:audiocodes:fax_server:*:*:*:*:*:*:*:*
|
| audiocodes | interactive_voice_response | * | - | - |
cpe:2.3:a:audiocodes:interactive_voice_response:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
4.0 (cna)
HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2025-34334 |
2025-11-21 02:02:44 | 2026-01-12 02:11:32 |
| NVD | nvd_CVE-2025-34334 |
2025-12-12 03:21:45 | 2026-01-12 02:27:39 |
版本与语言
安全公告
变更历史
查看详细变更
- affected_products_count: 1 -> 3
- data_sources: ['cve'] -> ['cve', 'nvd']