- Description
- An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective.
- Source
- bbf0bd87-ece2-41be-b873-96928ee8fab9
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- bbf0bd87-ece2-41be-b873-96928ee8fab9
- CWE-78
- Hype score
- Not currently trending
Threat actors exploits GlobalProtect (CVE-2024-3400) to deliver the Sliver C2 malware (up.js) by leveraging the compromised VICIdial server, threat actor likely exploited the (CVE-2024-8504) to store their payloads on legitimate server (104.131.69[.]106/vicidial/up.js). https://t
@WhichbufferArda
5 Dec 2024
8385 Impressions
30 Retweets
108 Likes
43 Bookmarks
3 Replies
0 Quotes
Exploit for CVE-2024-8504 & CVE-2024-8503: SQLi and RCE #Exploit #CVE-2024-8504 #SQLi #RCE #Vulnerabilities https://t.co/y5GuVkKBZW
@reverseame
21 Oct 2024
3870 Impressions
19 Retweets
64 Likes
26 Bookmarks
0 Replies
0 Quotes