NVD:CVE-2024-8503
Sep 10, 2024 - 8:15 p.m.

CVE-2024-8503

2024-09-10 20:15:05
CWE-89
bbf0bd87-ece2-41be-b873-96928ee8fab9
web.nvd.nist.gov
unauthenticated attacker
sql injection
vicidial
plaintext credentials

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.003
Percentile: 65.6%

An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database.
