CVE-2025-34328
BaseFortify
Publication date: 2025-11-19
Last updated on: 2025-12-12
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| audiocodes | fax_server | up to and including 2.6.23 |
| audiocodes | interactive_voice_response | up to and including 2.6.23 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in AudioCodes Fax Server and Auto-Attendant IVR appliances up to version 2.6.23. It involves an unauthenticated script-management endpoint in the web administration component that allows a remote attacker to write arbitrary files to the server. Because the web service runs with NT AUTHORITY\SYSTEM privileges on Windows, the attacker can write and execute malicious files with high-level system privileges.
How can this vulnerability impact me?
An attacker exploiting this vulnerability can remotely execute arbitrary code on the affected system with SYSTEM-level privileges without authentication. This can lead to full system compromise, unauthorized access, data theft, disruption of services, or further attacks within the network.