CVE-2025-34335
中文标题:
(暂无数据)
英文标题:
AudioCodes Fax/IVR Appliance <= 2.6.23 Authenticated Command Injection via ActivateLicense.php
漏洞描述
中文描述:
(暂无数据)
英文描述:
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an authenticated command injection vulnerability in the license activation workflow handled by AudioCodes_files/ActivateLicense.php. When a license file is uploaded, the application derives a new filename by combining a generated base name with the attacker-controlled extension portion of the original upload name, then constructs a command line for fax_server_lic_cmdline.exe that includes this path. The extension value is incorporated into the command string without input validation, escaping, or proper argument quotation before being passed to exec(). An authenticated user with access to the license upload interface can supply a specially crafted filename whose extension injects additional shell metacharacters, causing arbitrary commands to be executed as NT AUTHORITY\\SYSTEM.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| AudioCodes Limited | AudioCodes Fax/IVR Appliance | - | ≤ 2.6.23 | - |
cpe:2.3:a:audiocodes_limited:audiocodes_fax_ivr_appliance:*:*:*:*:*:*:*:*
|
| audiocodes | fax_server | * | - | - |
cpe:2.3:a:audiocodes:fax_server:*:*:*:*:*:*:*:*
|
| audiocodes | interactive_voice_response | * | - | - |
cpe:2.3:a:audiocodes:interactive_voice_response:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
4.0 (cna)
HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2025-34335 |
2025-11-21 02:02:37 | 2026-01-12 02:11:32 |
| NVD | nvd_CVE-2025-34335 |
2025-12-12 03:21:45 | 2026-01-12 02:27:39 |
版本与语言
安全公告
变更历史
查看详细变更
- affected_products_count: 1 -> 3
- data_sources: ['cve'] -> ['cve', 'nvd']