CVE-2022-24630
published 2023-05-29CVE-2022-24630: An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh POST request with an ssh_command field…
PriorityP261high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EXPLOIT
EPSS
23.89%
97.5th percentile
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh POST request with an ssh_command field that is executed.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| audiocodes | device_manager_express | <= 7.8.20002.47752 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect POST requests to BrowseFiles.php with the query parameter cmd=ssh; the POST body will contain the field ssh_command carrying the injected OS command. ↗
- →Monitor POST requests to /admin/AudioCodes_files/ajax/ajaxGlobalSettings.php with body parameter action=saveext and a non-standard file extension appended to the extensions list (e.g., .php, .phtml), indicating an attacker whitelisting a webshell extension. ↗
- →Monitor for file uploads to the /region/ web-accessible directory on AudioCodes Device Manager Express, particularly files with content-type text/html, which may be backdoor webshells. ↗
- →Alert on GET requests to /admin/AudioCodes_files/BrowseFiles.php with a view= parameter containing an absolute Windows path (e.g., c:\windows\win.ini), indicating arbitrary file read exploitation (CVE-2022-24632). ↗
- ·The exploit targets AudioCodes Device Manager Express version 7.8.20002.47752 specifically; the vendor announced product EOL on 07-02-2022, meaning no patch will be issued and exposed instances remain permanently vulnerable. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
2023-05-29
Published