CVE-2024-48197
Description
Cross Site Scripting vulnerability in Audiocodes MP-202b v.4.4.3 allows a remote attacker to escalate privileges via the login page of the web interface.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cross-site scripting (XSS) in AudioCodes MP-202b login page allows remote attackers to escalate privileges.
Vulnerability
Description Cross-site scripting (XSS) vulnerability in AudioCodes MP-202b version 4.4.3 allows remote attackers to perform privilege escalation via the login page of the web interface. The login page fails to properly sanitize user input, enabling injection of arbitrary JavaScript code.
Exploitation
An unauthenticated attacker can craft a malicious URL containing the XSS payload and trick an administrator into accessing it. Since the attack is reflected or potentially stored in the login page, user interaction is required. The attacker must be on the same network or lure the victim to a crafted link. No authentication is needed to deliver the payload.
Impact
Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the victim's session. This can lead to session hijacking, credential theft, or unauthorized configuration changes, effectively escalating privileges within the device's management interface.
Mitigation
As of the publication date, no official patch or advisory has been released by AudioCodes [1]. Users should restrict network access to the management interface to trusted IPs, enable HTTPS, and monitor for unusual activity. The vendor may need to be contacted directly for a fix.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: = 4.4.3
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.