CVE-2025-34332
BaseFortify
Publication date: 2025-11-19
Last updated on: 2025-12-11
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| audiocodes | fax_server | to 2.6.23 (inc) |
| audiocodes | interactive_voice_response | to 2.6.23 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-276 | During installation, installed file permissions are set to allow anyone to modify those files. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in AudioCodes Fax Server and Auto-Attendant IVR appliances up to version 2.6.23. The web administration component uses helper batch scripts to control Windows services. Because of overly permissive access controls, these scripts are writable by any authenticated local user. An attacker can replace the contents of these scripts with arbitrary commands, which are then executed with SYSTEM privileges during service start/stop operations, allowing local privilege escalation.
How can this vulnerability impact me?
An attacker with authenticated local access can exploit this vulnerability to execute arbitrary commands with SYSTEM-level privileges. This leads to elevation of local privileges, potentially allowing full control over the affected system, unauthorized access to sensitive data, and disruption of services.
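The condition described above (helper batch scripts writable by non-administrative users) can be checked on a host by auditing the scripts' ACLs. The following PowerShell is an added example, not code from the vendor or from this advisory page; the `$ScriptRoot` path is a placeholder because the page does not give the install location, and the list of trusted principals is an assumption to adjust per environment.

```powershell
# Added example (not vendor code). $ScriptRoot is a placeholder: the advisory
# page does not give the helper scripts' install path.
param([string]$ScriptRoot = 'C:\PLACEHOLDER\helper-scripts')

# Rights that allow changing a file's contents, or its ACL/owner (which then
# allows granting write access). Generic bits are included because some ACEs
# store GENERIC_WRITE (0x40000000) or GENERIC_ALL (0x10000000) unmapped.
$writeRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
$writeMask = [int]$writeRights -bor 0x40000000 -bor 0x10000000

# Assumption: only these principals should be able to modify the scripts.
$trustedSids = @(
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464' # TrustedInstaller
)

function Get-UntrustedWriteAce {
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -LiteralPath $Path -Recurse -File |
        Where-Object { $_.Extension -in '.bat', '.cmd' } |
        ForEach-Object {
            $file = $_
            $acl = Get-Acl -LiteralPath $file.FullName
            # Ask for SIDs so the check does not depend on localized account names.
            $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
            foreach ($rule in $rules) {
                if ($rule.AccessControlType -ne 'Allow') { continue }
                if (([int]$rule.FileSystemRights -band $writeMask) -eq 0) { continue }
                if ($trustedSids -contains $rule.IdentityReference.Value) { continue }

                # Resolve the SID to a name for the report; keep the SID if that fails.
                try { $name = $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
                catch { $name = $rule.IdentityReference.Value }

                [pscustomobject]@{
                    Path      = $file.FullName
                    Identity  = $name
                    Rights    = $rule.FileSystemRights
                    Inherited = $rule.IsInherited
                }
            }
        }
}

Get-UntrustedWriteAce -Path $ScriptRoot | Format-Table -AutoSize -Wrap
```

Any row in the output is a principal outside the trusted list that can modify a script or its ACL. The containing directory's ACL deserves the same review, since write access there also permits replacing the files.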