AI Score
Confidence
Low
EPSS
Percentile
65.6%
SSVC
Exploitation
poc
Automatable
no
Technical Impact
total
An attacker with authenticated access to VICIdial as an “agent” can execute arbitrary shell commands as the “root” user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective.
[
{
"cpes": [
"cpe:2.3:a:vicidial:vicidial:2.14-917a:*:*:*:*:*:*:*"
],
"vendor": "vicidial",
"product": "vicidial",
"versions": [
{
"status": "affected",
"version": "2.14-917a"
}
],
"defaultStatus": "unaffected"
}
]