Cyber Resilience

CVE-2024-48197

Medium

Published: 02 January 2025

Published
02 January 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
EPSS Score 0.0454 89.4th percentile
Risk Priority 12 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-48197 is a medium-severity Cross-site Scripting (CWE-79) vulnerability in Audiocodes MP-202b (inferred from references). Its CVSS base score is 4.7 (Medium).

Operationally, ranked in the top 10.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2024-48197 is a cross-site scripting vulnerability, tracked under CWE-79, that affects the Audiocodes MP-202b device running firmware version 4.4.3. The flaw resides in the login page of the web interface and carries a CVSS 3.1 base score of 4.7, reflecting network attack vector, low complexity, no required privileges, required user interaction, and changed scope with limited integrity impact.

A remote attacker can exploit the issue by delivering a crafted payload through the web login page, enabling privilege escalation within the affected device. The attack requires a victim user to interact with the malicious content, after which the attacker can perform actions under the compromised session context.

The EPSS score for this CVE rose from lower values after disclosure to a peak of 0.0625 on 2026-02-10 before receding to the current 0.0454, indicating a measurable increase in observed exploitation interest that warrants renewed monitoring. Public references point to the vendor site, a device-specific domain, and a GitHub repository containing further technical details, though no official patch or mitigation guidance is described in the available references.

EU & UK References

Vulnerability details

Cross Site Scripting vulnerability in Audiocodes MP-202b v.4.4.3 allows a remote attacker to escalate privileges via the login page of the web interface.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Audiocodes
MP-202b
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-79

Penetration testing submits XSS payloads to web applications, detecting cross-site scripting flaws for subsequent remediation.

addresses: CWE-79

Validates web inputs to reject script-related content that could produce XSS.

addresses: CWE-79

Output validation against expected content can reject or sanitize script content in generated web pages, reducing XSS exploitability.

References