CVE-2023-50015

EUVD-2023-54845
An issue was discovered in Grandstream GXP14XX 1.0.8.9 and GXP16XX 1.0.7.13, allows remote attackers to escalate privileges via incorrect access control using an end-user session-identity token.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
grandstreamgxp1405_firmware
𝑥
≤ 1.0.8.9
ADP
grandstreamgxp1610_firmware
𝑥
≤ 1.0.7.13
ADP
grandstreamgxp1615_firmware
𝑥
≤ 1.0.7.13
ADP
grandstreamgxp1620_firmware
𝑥
≤ 1.0.7.13
ADP
grandstreamgxp1625_firmware
𝑥
≤ 1.0.7.13
ADP
grandstreamgxp1628_firmware
𝑥
≤ 1.0.7.13
ADP
grandstreamgxp1630_firmware
𝑥
≤ 1.0.7.13
ADP
grandstreamgxp1400_firmware
𝑥
≤ 1.0.8.9
ADP
Common Weakness Enumeration
References
https://github.com/n0obit4/Vulnerability_Disclosure/tree/main/CVE-2023-50015
https://github.com/n0obit4/Vulnerability_Disclosure/tree/main/CVE-2023-50015