AudioCodes MP-202b Cross-Site Scripting Vulnerability Allowing Privilege Escalation

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the AudioCodes MP-202b device running version 4.4.3. This vulnerability allows remote attackers to escalate privileges by exploiting the login page of the web interface. The issue arises from reflected XSS, where an attacker can craft a URL that, when visited by a user, captures their login credentials.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation on the affected device.

Reproduction

To reproduce this vulnerability, a user must be coerced into clicking a specially crafted URL that exploits the reflected XSS vulnerability on the login page. Once the user logs in, the crafted URL can capture their login details, potentially allowing an attacker to escalate privileges.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 6.7
remediation: 0.0
relevance: 0.0
threat: 1.7
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.