CVE-2023-25355

8.8HIGH

Key Information

Vendor: Coredial
Status: Sipxcom
Vendor: CVE Published:; 4 April 2023

Badges

👾 Exploit Exists🔴 Public PoC

Summary

CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. A user who has the ability to run commands as the `daemon` user on a sipXcom server can overwrite a service file, and escalate their privileges to `root`.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-25355-25356
Created by glefait

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit exists.
Sep 4, 2024
Vulnerability published.
Apr 4, 2023
Vulnerability Reserved.
Feb 6, 2023

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)