Arbitrary Shell Commands Execution Vulnerability

CVE-2024-8504

Currently unrated 🤨

Key Information

Vendor
Vicidial
Status
Vicidial
Vendor
CVE Published: 10 September 2024

Badges

👾 Exploit Exists
🔴 Public PoC

Summary

An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective.

Affected Version(s)

VICIdial = 2.14-917a

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.

References

EPSS Score

1% chance of being exploited in the next 30 days.

Timeline

  • 🔴 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

Collectors

NVD Database, Mitre Database, 2 Proof of Concept(s)

Credit

Jaggar Henry of KoreLogic, Inc.