Arbitrary Shell Commands Execution Vulnerability

CVE-2024-8504

Currently unrated 🤨

Key Information

Vendor: Vicidial
Status: Vicidial
Vendor: CVE Published:; 10 September 2024

Badges

👾 Exploit Exists🔴 Public PoC

Summary

An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective.

Affected Version(s)

VICIdial = 2.14-917a

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-8504
Created by Chocapikk

ViciDial
Created by havokzero

Refferences

https://korelogic.com/Resources/Advisories/KL-001-2024-01...

third-party-advisory

https://www.vicidial.org/vicidial.php

product

EPSS Score

1% chance of being exploited in the next 30 days.

Timeline

🔴
Public PoC available
Sep 23, 2024
👾
Exploit known to exist
Sep 14, 2024
Vulnerability published
Sep 10, 2024

Collectors

NVD DatabaseMitre Database2 Proof of Concept(s)

Credit

Jaggar Henry of KoreLogic, Inc.