Brute Force Attack Vulnerability in Innovaphone PBX Before 14r1 Devices
CVE-2024-24721

6.5MEDIUM

Key Information:

Vendor: Innovaphone
Vendor: CVE Published:; 27 February 2024

Summary

An issue was discovered on Innovaphone PBX before 14r1 devices. The password form, used to authenticate, allows a Brute Force Attack through which an attacker may be able to access the administration panel

References

https://excellium-services.com/cert-xlm-advisory/CVE-2024...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 27, 2024