CVE-2025-34330
BaseFortify
Publication date: 2025-11-19
Last updated on: 2025-12-12
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| audiocodes | fax_server | up to 2.6.23 (inclusive) |
| audiocodes | interactive_voice_response | up to 2.6.23 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in AudioCodes Fax Server and Auto-Attendant IVR appliances up to version 2.6.23. It involves a web administration component called F2MAdmin that has an unauthenticated file upload endpoint. This endpoint allows anyone to upload files without authentication, authorization, or file-type validation, writing them to a specific directory. An attacker can upload or overwrite audio prompt or music-on-hold files, potentially tampering with IVR audio content or using these files to facilitate further attacks.
How can this vulnerability impact me?
The vulnerability can allow a remote, unauthenticated attacker to upload or overwrite audio files used by the IVR system. This could lead to tampering with the audio content that callers hear, potentially causing misinformation or disruption. Additionally, the attacker might use the uploaded files as a foothold for further attacks against the system or network.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can be performed by checking for the presence of the vulnerable script at the path AudioCodes_files/utils/IVR/diagram/ajaxPromptUploadFile.php on the AudioCodes Fax Server or Auto-Attendant IVR appliances. Network monitoring for HTTP POST requests to this endpoint without authentication may indicate exploitation attempts. Additionally, inspecting the C:\F2MAdmin\tmp directory for unexpected or recently modified files related to prompts or music-on-hold can help identify exploitation. Specific commands depend on the environment, but for example, on the server, listing files by modification date in the tmp directory can be done with: dir C:\F2MAdmin\tmp /T:W. Network traffic capture tools like Wireshark or tcpdump can be used to monitor HTTP POST requests to the vulnerable URL.
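The network-side check described above (watching for POST requests to the ajaxPromptUploadFile.php endpoint) can be scripted over exported web server logs. The following is an added example written for this page, not code from AudioCodes or from the advisory: it parses NCSA combined-format access log lines, keeps every POST whose path ends in the endpoint named above, and counts hits per source address after discarding a trusted-administrator allow-list. The log format is an assumption (the page does not say how the appliance logs requests), and the sample lines, addresses and the "admin" user are constructed for the demonstration.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Path of the upload endpoint named in the detection guidance above.
UPLOAD_ENDPOINT = "AudioCodes_files/utils/IVR/diagram/ajaxPromptUploadFile.php"

# NCSA "combined" access-log format. Assumption: the page does not describe the
# appliance's actual log format, so adapt this regex to whatever is exported.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: [^"]*)?" (?P<status>\d{3}) (?P<size>\S+)'
)


@dataclass(frozen=True)
class UploadHit:
    ip: str
    timestamp: str
    status: int
    auth_user: Optional[str]   # None when the log's auth-user field is "-"


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the named fields of one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_upload_endpoint(path: str) -> bool:
    """True if the request path targets the prompt-upload script (query string ignored)."""
    bare = path.split("?", 1)[0].lower()
    return bare.endswith(UPLOAD_ENDPOINT.lower())


def find_upload_posts(lines: Iterable[str]) -> List[UploadHit]:
    """Collect every POST to the upload endpoint; malformed lines are skipped."""
    hits: List[UploadHit] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST" or not is_upload_endpoint(rec["path"]):
            continue
        hits.append(UploadHit(
            ip=rec["ip"],
            timestamp=rec["ts"],
            status=int(rec["status"]),
            auth_user=None if rec["user"] == "-" else rec["user"],
        ))
    return hits


def suspicious_sources(hits: Iterable[UploadHit],
                       trusted_ips: frozenset = frozenset()) -> Dict[str, int]:
    """Count upload POSTs per source IP, ignoring addresses on the trusted-admin list."""
    counts: Dict[str, int] = {}
    for h in hits:
        if h.ip in trusted_ips:
            continue
        counts[h.ip] = counts.get(h.ip, 0) + 1
    return counts


# Constructed sample log lines using RFC 5737 documentation addresses; not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Nov/2025:10:01:22 +0000] "GET /AudioCodes_files/utils/IVR/diagram/index.php HTTP/1.1" 200 1532',
    '198.51.100.7 - - [19/Nov/2025:10:02:05 +0000] "POST /AudioCodes_files/utils/IVR/diagram/ajaxPromptUploadFile.php HTTP/1.1" 200 87',
    '198.51.100.7 - - [19/Nov/2025:10:02:06 +0000] "POST /AudioCodes_files/utils/IVR/diagram/ajaxPromptUploadFile.php?x=1 HTTP/1.1" 200 87',
    '192.0.2.10 - admin [19/Nov/2025:10:05:40 +0000] "POST /AudioCodes_files/utils/IVR/diagram/ajaxPromptUploadFile.php HTTP/1.1" 200 87',
    '203.0.113.5 - - [19/Nov/2025:10:07:13 +0000] "GET /AudioCodes_files/utils/IVR/diagram/ajaxPromptUploadFile.php HTTP/1.1" 405 0',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    found = find_upload_posts(SAMPLE_LOG)
    for h in found:
        print(f"{h.timestamp} POST from {h.ip} status={h.status} user={h.auth_user}")
    # 192.0.2.10 is treated as the one trusted administrator workstation in this sample.
    print("untrusted sources:", suspicious_sources(found, frozenset({"192.0.2.10"})))
```

Because the endpoint performs no authentication, the auth-user field will normally be empty even for legitimate administrative uploads, so the allow-list of administrator source addresses is the useful filter: any remaining POST to this path from an address outside that list is worth correlating with the C:\F2MAdmin\tmp listing described above.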
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable web administration component, especially the ajaxPromptUploadFile.php endpoint, by implementing network-level controls such as firewall rules or access control lists to limit access to trusted administrators only. If possible, disable or remove the vulnerable script or upgrade the AudioCodes Fax Server and Auto-Attendant IVR appliances to a version later than 2.6.23 where this vulnerability is fixed. Monitoring and auditing the C:\F2MAdmin\tmp directory for unauthorized file uploads and removing any suspicious files is also recommended.