Cyber Posture

CVE-2024-52881

High

Published: 07 February 2025

Modified: 01 May 2025
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0011 (29.1th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-52881 is a high-severity Use of Hard-coded Cryptographic Key (CWE-321) vulnerability in Audiocodes One Voice Operations Center. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Credentials In Files (T1552.001). The CVE ranks at the 29.1th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-12 (Cryptographic Key Establishment and Management) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Credentials In Files (T1552.001).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

prevent

SC-12 requires secure establishment and management of cryptographic keys, directly preventing the use of hard-coded keys that enable decryption of sensitive data from the topology file.

prevent

SI-2 mandates identification, reporting, and timely remediation of software flaws like the hard-coded key vulnerability, by applying updates such as OVOC 8.4.582 or later.

prevent

SC-28 ensures cryptographic protection of sensitive information at rest, such as passwords in the topology file, mitigating risks from inadequate encryption practices.

MITRE ATT&CK Enterprise Techniques · AI

T1552.001 · Credentials In Files · Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.

Why these techniques?

The hard-coded key enables decryption of passwords stored in the topology file, directly facilitating credential access from files.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to the use of a hard-coded key, an attacker is able to decrypt sensitive data such as passwords extracted from the topology file.

Deeper analysis · AI

CVE-2024-52881 is a cryptographic failure vulnerability (CWE-321) in AudioCodes One Voice Operations Center (OVOC) versions before 8.4.582. The issue stems from the use of a hard-coded key, which enables decryption of sensitive data, such as passwords, extracted from the topology file. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), reflecting a high confidentiality impact, a network attack vector, and no required privileges or user interaction.

An unauthenticated attacker with network access can exploit this vulnerability if they obtain the topology file. By leveraging the hard-coded key, the attacker can decrypt embedded sensitive information, including passwords, potentially leading to unauthorized access to managed voice systems or further compromise within the environment.

For mitigation details, refer to the SySS advisory at https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-079.txt and the AudioCodes OVOC product page at https://www.audiocodes.com/solutions-products/products/management-products-solutions/one-voice-operations-center. Updating to OVOC version 8.4.582 or later addresses the hard-coded key issue.

Details

CWE(s)

Affected Products

audiocodes · one voice operations center · ≤ 8.4.582

CVEs Like This One

CVE-2024-52883 · Same product: Audiocodes One Voice Operations Center
CVE-2024-52884 · Same vendor: Audiocodes
CVE-2026-22906 · Shared CWE-321
CVE-2025-34328 · Same vendor: Audiocodes
CVE-2025-34335 · Same vendor: Audiocodes
CVE-2025-34334 · Same vendor: Audiocodes
CVE-2025-59407 · Shared CWE-321
CVE-2025-34329 · Same vendor: Audiocodes
CVE-2024-33504 · Shared CWE-321
CVE-2026-32324 · Shared CWE-321
