An attacker with authenticated access to VICIdial as an “agent” can execute arbitrary shell commands as the “root” user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective.
[
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "VICIdial",
"vendor": "VICIdial",
"versions": [
{
"status": "affected",
"version": "2.14-917a"
}
]
}
]