CVE-2025-34334
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-19

Last updated on: 2025-12-11

Assigner: VulnCheck

Description
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 are vulnerable to an authenticated command injection in the fax test functionality implemented by AudioCodes_files/TestFax.php. When a fax "send" test is requested, the application builds a faxsender command line using attacker-supplied parameters and passes it to GlobalUtils::RunBatchFile without proper validation or shell-argument sanitization. The resulting batch file is written into a temporary run directory and then executed via a backend service that runs as NT AUTHORITY\\SYSTEM. An authenticated attacker with access to the fax test interface can craft parameter values that inject additional shell commands into the generated batch file, leading to arbitrary command execution with SYSTEM privileges. In addition, because the generated batch files reside in a location with overly permissive file system permissions, a local low-privilege user on the server can modify pending batch files to achieve the same elevation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-19
Last Modified
2025-12-11
Generated
2026-05-07
AI Q&A
2025-11-19
EPSS Evaluated
2026-05-05
NVD
CVE-2025-34334
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
audiocodes fax_server to 2.6.23 (inc)
audiocodes interactive_voice_response to 2.6.23 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in AudioCodes Fax Server and Auto-Attendant IVR appliances up to version 2.6.23. It is an authenticated command injection flaw in the fax test functionality. When a fax send test is requested, the application constructs a command line using attacker-supplied parameters without proper validation or sanitization. This command line is written into a batch file and executed with SYSTEM-level privileges. An authenticated attacker can inject additional shell commands into this batch file, leading to arbitrary command execution with SYSTEM privileges. Additionally, local low-privilege users can modify these batch files due to overly permissive file system permissions, allowing privilege escalation.


How can this vulnerability impact me? :

This vulnerability can allow an authenticated attacker to execute arbitrary commands on the affected system with SYSTEM-level privileges, which is the highest level of access on Windows systems. This can lead to complete compromise of the affected device, including unauthorized access to sensitive data, disruption of services, installation of malware, and further attacks within the network. Local low-privilege users can also exploit the vulnerability to escalate their privileges to SYSTEM level.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart