Lucene search
KoreLogicCVELIST:CVE-2024-8504HistorySep 10, 2024 - 7:23 p.m.
CVE-2024-8504 VICIdial Authenticated Remote Code Execution
2024-09-1019:23:39
CWE-78
KoreLogic
www.cve.org
12
authenticated
vicidial
remote code execution
chained attack
shell commands
EPSS
0.003
Percentile
65.6%
An attacker with authenticated access to VICIdial as an “agent” can execute arbitrary shell commands as the “root” user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective.
CNA Affected
[
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "VICIdial",
"vendor": "VICIdial",
"versions": [
{
"status": "affected",
"version": "2.14-917a"
}
]
}
]Related
korelogic
korelogic
VICIdial Authenticated Remote Code Execution
2024-09-10 00:00:00
VICIdial Unauthenticated SQL Injection
2024-09-10 00:00:00
vulnrichment
vulnrichment
CVE-2024-8504 VICIdial Authenticated Remote Code Execution
2024-09-10 19:23:39
CVE-2024-8503 VICIdial Unauthenticated SQL Injection
2024-09-10 19:22:40
nvd
nvd
CVE-2024-8504
2024-09-10 20:15:05
CVE-2024-8503
2024-09-10 20:15:05
packetstorm
packetstorm
VICIdial 2.14-917a Remote Code Execution
2024-09-11 00:00:00
VICIdial 2.14-917a SQL Injection
2024-09-11 00:00:00
zdt
zdt
VICIdial 2.14-917a Remote Code Execution Vulnerability
2024-09-11 00:00:00
VICIdial 2.14-917a SQL Injection Vulnerability
2024-09-11 00:00:00
cve
cve
CVE-2024-8504
2024-09-10 20:15:05
CVE-2024-8503
2024-09-10 20:15:05
githubexploit
githubexploit
Exploit for CVE-2024-8504
2024-09-14 06:27:11
Exploit for CVE-2024-8504
2024-09-22 20:17:10
cvelist
cvelist
CVE-2024-8503 VICIdial Unauthenticated SQL Injection
2024-09-10 19:22:40
metasploit
metasploit
Vicidial SQL Injection Time-based Admin Credentials Enumeration
2024-09-11 00:25:31
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up 09/27/2024
2024-09-27 19:21:52