Access Control Weakness in Zammad VoIP Logging by Zammad
CVE-2022-27332

9.1 CRITICAL

Key Information:

Vendor: Zammad

Status
Vendor
CVE Published: 27 April 2022

What is CVE-2022-27332?

An access control flaw in Zammad v5.0.3 allows unauthorized users to write entries to the CTI caller log without proper authentication. Attackers could leverage this vulnerability to launch phishing campaigns or induce a Denial of Service (DoS). By exploiting the flaw, malicious entities can manipulate sensitive logs, potentially leading to further exploitation of the system.

CVSS V3.1

Score: 9.1
Severity: CRITICAL
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
