Information Disclosure Vulnerability in Yealink Meeting Server
CVE-2024-48353

7.5HIGH

Key Information:

Vendor: Yealink
Status: Yealink Meeting Server
Vendor: CVE Published:; 1 November 2024

What is CVE-2024-48353?

The Yealink Meeting Server prior to version V26.0.0.67 contains a vulnerability that enables unauthorized attackers to access sensitive static key information from a front-end JavaScript file. This exposure potentially allows the decryption of plaintext passwords using the compromised key information, posing significant security threats to user data and system integrity. The vulnerability emphasizes the importance of updating to the latest version and actively monitoring security advisories to safeguard against such exploits.

References

https://www.yealink.com/en/trust-center/security-advisori...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 1, 2024
Vulnerability Reserved
Oct 8, 2024