5 matches found
CVE-2023-25355
CoreDial sipXcom (sipXopenfire component) up to and including version 21.04 is affected by insecure permissions that allow a user who can run commands as the daemon user to overwrite a service file and escalate to root. The CVE description and multiple sources (NVD, Red Hat, PRION, PT-Security, a...
CVE-2023-25355
CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. A user who has the ability to run commands as the daemon user on a sipXcom server can overwrite a service file, and escalate their privileges to root...
CVE-2023-25355
creationtimestamp| type| source ---|---|--- 2023-03-09 09:30:40+00:00| seen| Telegram/u8qFNnGbmdhDbRieM14DKohWAZiXdZjBzXfZcPy9kpGgbAw 2023-03-09 11:05:16+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/7892 2023-04-04 16:30:55+00:00| seen| https://t.me/cibsecurity/61396...
CoreDial sipXcom sipXopenfire 21.04 Remote Command Execution / Weak Permissions
¯¯¯¯¯¯¯/ ༼ つ ◕◕ ༽つ ง'̀-'́ง ╯°□°)╯︵ ┻━┻ ヽ´ー`ノ /¯¯ ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ Product: sipXcom sipXopenfire Vendor: CoreDial Name: "sipXcom sipXopenfire XMPP message system command argument injection and insecure service file permissions RCE" Version:...
CoreDial sipXcom sipXopenfire 21.04 Remote Command Execution / Weak Permissionsundefined Exploit
CoreDial sipXcom sipXopenfire versions 21.04 and below suffer from XMPP message system command argument injection and insecure service file permissions that when chained together gives root. ¯¯¯¯¯¯¯/ ༼ つ ◕◕ ༽つ ง'̀-'́ง ╯°□°)╯︵ ┻━┻ ヽ´ー`ノ /¯¯...