CVE-2024-8504

Published Sep 10, 2024

Last updated 2 months ago

CVSS high 8.8

Overview

Description
An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective.
Source
bbf0bd87-ece2-41be-b873-96928ee8fab9
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

bbf0bd87-ece2-41be-b873-96928ee8fab9
CWE-78

Social media

Hype score
Not currently trending

  1. Exploit for CVE-2024-8504 & CVE-2024-8503: SQLi and RCE #Exploit #CVE-2024-8504 #SQLi #RCE #Vulnerabilities https://t.co/y5GuVkKBZW

    @reverseame

    21 Oct 2024

    3870 Impressions

    19 Retweets

    64 Likes

    26 Bookmarks

    0 Replies

    0 Quotes

References