CVE-2023-4462
CVE-2023-4462 is a low-severity vulnerability in Poly Ccx 400 Firmware with a CVSS 3.x base score of 3.7. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-330.
Key facts
- Severity: Low (CVSS 3.x base score 3.7)
- CVSS v2: 2.6
- EPSS exploit prediction: 1% (56th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-330
- Affected product: Poly Ccx 400 Firmware
- Published:
- Last modified:
Description
A vulnerability classified as problematic has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. This affects an unknown part of the component Web Configuration Application. The manipulation leads to insufficiently random values. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249255.
Frequently asked questions
- What is CVE-2023-4462?
- A vulnerability classified as problematic has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. This affects an unknown part of the component Web Configuration Application. The manipulation leads to insufficiently random values. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249255.
- How severe is CVE-2023-4462?
- CVE-2023-4462 has a CVSS 3.x base score of 3.7, rated low severity. It is exploitable over network with high attack complexity, requires no privileges and no user interaction. Impact on confidentiality is low, integrity none, and availability none.
- Is CVE-2023-4462 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (56th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2023-4462?
- CVE-2023-4462 primarily affects Poly Ccx 400 Firmware. In total, 4 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2023-4462?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2023-4462 published?
- CVE-2023-4462 was published on 2023-12-29 and last updated on 2026-06-17.
References
- https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html
- https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices
- https://modzero.com/en/advisories/mz-23-01-poly-voip/
- https://support.hp.com/us-en/document/ish_9929296-9929329-16/hpsbpy03896
- https://vuldb.com/?ctiid.249255
- https://vuldb.com/?id.249255
- https://modzero.com/en/blog/multiple-vulnerabilities-in-poly-products/
Affected products (4)
- cpe:2.3:o:poly:ccx_400_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:poly:ccx_600_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:poly:trio_8800_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:poly:trio_c60_firmware:-:*:*:*:*:*:*:*
More vulnerabilities in Poly Ccx 400 Firmware
- CVE-2023-4464 — High (CVSS 7.2): A vulnerability, which was classified as critical, has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60,…
- CVE-2023-4463 — Medium (CVSS 5.3): A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This…
- CVE-2023-4466 — Low (CVSS 2.7): A vulnerability has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60 and classified as problematic. Affected…
- CVE-2023-4465 — Low (CVSS 2.7): A vulnerability, which was classified as problematic, was found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX…
All CVEs affecting Poly Ccx 400 Firmware →
Other CWE-330 (Use of Insufficiently Random Values) vulnerabilities
- CVE-2023-22601 — Critical (CVSS 10.0): InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version…
- CVE-2026-25072 — Critical (CVSS 9.8): XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier…
- CVE-2026-27755 — Critical (CVSS 9.8): SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability…
- CVE-2026-27637 — Critical (CVSS 9.8): FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206,…
- CVE-2025-64097 — Critical (CVSS 9.8): NervesHub is a web service that allows users to manage over-the-air (OTA) firmware updates of devices in the field. A…
- CVE-2025-4607 — Critical (CVSS 9.8): The PSW Front-end Login & Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up…
Browse all CWE-330 (Use of Insufficiently Random Values) vulnerabilities →