Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-330,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vitalpbx | vitalpbx | * |
VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance administrator's account. This is possible because the application is vulnerable to CSRF.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vitalpbx | vitalpbx | 3.2.3 |
VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance's administrator account via a malicious link. This is possible because the application is vulnerable to XSS.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vitalpbx | vitalpbx | 3.2.3 |
An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vitalpbx | vitalpbx | 3.2.1 |
| vitalpbx | vitalpbx | 3.0.6-1 |
| vitalpbx | vitalpbx | 3.0.8 |
| vitalpbx | vitalpbx | 3.1.2 |
| vitalpbx | vitalpbx | 3.0.6-2 |
| vitalpbx | vitalpbx | 3.1.7 |
| vitalpbx | vitalpbx | 3.0.9 |
| vitalpbx | vitalpbx | 3.0.4 |
| vitalpbx | vitalpbx | 3.1.6 |
| vitalpbx | vitalpbx | 3.2.3 |
| vitalpbx | vitalpbx | 3.1.0 |
| vitalpbx | vitalpbx | 3.1.4 |
| vitalpbx | vitalpbx | 3.0.4-4 |
| vitalpbx | vitalpbx | 3.1.5 |
| vitalpbx | vitalpbx | 3.0.4-2 |
| vitalpbx | vitalpbx | 3.1.3 |
| vitalpbx | vitalpbx | 3.2.2 |
| vitalpbx | vitalpbx | 3.2.4 |
| vitalpbx | vitalpbx | 3.1.1 |
| vitalpbx | vitalpbx | 3.2.5 |