CVE-2018-10093
CVE-2018-10093
Vexday Risk Score
50Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 68.2%KEV nãoPoC públicaNuclei simMetasploit —Patch —
Lifecycle
14 Jan 2019Public PoC
17 Mar 2019Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution.
Affected products
n/a · n/apublic PoCs found — 3
cve_referencepacketstormsecurity.com/files/151116/AudioCode-400HD-Remote-Command-Injection.htmlunverifiedcve_referencewww.exploit-db.com/exploits/46164/unverifiedexploitdbwww.exploit-db.com/exploits/46164unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.