Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via unspecified vectors.
References
Link | Resource |
---|---|
http://vitalpbx.com | Vendor Advisory |
https://www.arsouyes.org/blog/2022/2022-06-30-VitalPBX-0day | Exploit Third Party Advisory |
http://vitalpbx.com | Vendor Advisory |
https://www.arsouyes.org/blog/2022/2022-06-30-VitalPBX-0day | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 06:58
Type | Values Removed | Values Added |
---|---|---|
References | () http://vitalpbx.com - Vendor Advisory | |
References | () https://www.arsouyes.org/blog/2022/2022-06-30-VitalPBX-0day - Exploit, Third Party Advisory |
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-330 |
05 Jul 2022, 21:01
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 4.9 |
References | (MISC) http://vitalpbx.com - Vendor Advisory | |
References | (MISC) https://www.arsouyes.org/blog/2022/2022-06-30-VitalPBX-0day - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:vitalpbx:vitalpbx:*:*:*:*:*:*:*:* | |
CWE | CWE-862 |
24 Jun 2022, 16:51
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-06-24 16:15
Updated : 2024-11-21 06:58
NVD link : CVE-2022-29330
Mitre link : CVE-2022-29330
CVE.ORG link : CVE-2022-29330
JSON object : View
Products Affected
vitalpbx
- vitalpbx
CWE
CWE-330
Use of Insufficiently Random Values