| Reporter | Title | Published | Views |
|---|---|---|---|
| attackerkb | CVE-2023-37599 | 13 Jul 2023 22:15 | – |
| circl | CVE-2023-37599 | 9 Dec 2024 08:20 | – |
| cnnvd | Issabel PBX security vulnerability | 13 Jul 2023 00:00 | – |
| cve | CVE-2023-37599 | 13 Jul 2023 00:00 | – |
| cvelist | CVE-2023-37599 | 13 Jul 2023 00:00 | – |
| nvd | CVE-2023-37599 | 13 Jul 2023 22:15 | – |
| openvas | Enabled Directory Listing/Indexing Detection (HTTP) | 26 Dec 2015 00:00 | – |
| osv | CVE-2023-37599 | 13 Jul 2023 22:15 | – |
| prion | Design/Logic Flaw | 13 Jul 2023 22:15 | – |
| redhatcve | CVE-2023-37599 | 23 May 2025 04:04 | – |

```yaml
id: CVE-2023-37599

info:
  name: Issabel PBX 4.0.0-6 - Directory Listing
  author: ritikchaddha
  severity: high
  description: |
    An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory
  impact: |
    Exploiting this vulnerability could lead to unauthorized access to sensitive directories and files, compromising the confidentiality of the system.
  remediation: |
    It is recommended to update to a patched version of issabel-pbx or apply necessary configuration changes to prevent directory listing.
  reference:
    - https://github.com/sahiloj/CVE-2023-37599
    - https://nvd.nist.gov/vuln/detail/CVE-2023-37599
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2023-37599
    cwe-id: CWE-668
    epss-score: 0.03009
    epss-percentile: 0.85766
    cpe: cpe:2.3:a:issabel:issabel-pbx:4.0.0-6:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: issabel
    product: issabel-pbx
    shodan-query: title:"issabel"
    fofa-query: title="issabel"
  tags: cve,cve2023,issabel,issabel-pbx,directory-listing,vuln

http:
  - method: GET
    path:
      - '{{BaseURL}}/modules/'

    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "Index of /modules")'
          - 'contains_any(body, "issabel", "asterisk_", "billing_")'
          - 'status_code == 200'
        condition: and
# digest: 4a0a00473045022100cffab6d951ab325509b0a6221e54038746ac8009ca9b746f1fbd6366a70c6e9102207dfafc0875e929787a4300eaf902f9d5a7492f83dfe1e75bd9adcc4bd800ffdd:922c64590222798bb761d5b6d8e72950
```