Arbitrary Shell Commands Execution Vulnerability

CVE-2024-8504

Currently unrated 🤨

Key Information

Vendor: Vicidial
Status: Vicidial
Vendor: CVE Published:; 10 September 2024

Badges

👾 Exploit Exists🔴 Public PoC

Summary

An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective.

Affected Version(s)

VICIdial = 2.14-917a

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-8504
Created by Chocapikk

Timeline

👾
Exploit exists.
Sep 14, 2024
Vulnerability published.
Sep 10, 2024

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)

Credit

Jaggar Henry of KoreLogic, Inc.