Vulnerability Details CVE-2023-30024
The MagicJack device, a VoIP solution for internet phone calls, contains a hidden NAND flash memory partition allowing unauthorized read/write access. Attackers can exploit this by replacing the original software with a malicious version, leading to ransomware deployment on the host computer. Affected devices have firmware versions prior to magicJack A921 USB Phone Jack Rev 3.0 V1.4.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 17.2%
CVSS Severity
CVSS v3 Score 6.6
References
- https://drive.google.com/drive/folders/1cKd8hksThK610GPtBQ3du8DEkwKywlAi?usp=sharing
- https://pastebin.com/raw/irWcawp8
- https://samuraisecurity.co.uk/red-teaming-0x01-click-rce-via-voip-usb/
- https://www.magicjack.com/
- https://drive.google.com/drive/folders/1cKd8hksThK610GPtBQ3du8DEkwKywlAi?usp=sharing
- https://pastebin.com/raw/irWcawp8
- https://samuraisecurity.co.uk/red-teaming-0x01-click-rce-via-voip-usb/
- https://www.magicjack.com/
Products affected by CVE-2023-30024
-
cpe:2.3:h:magicjack:a921:3.0
-
cpe:2.3:o:magicjack:a921_firmware:1.4