CVE-2024-24386

{"id": "CVE-2024-24386", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2024-02-15T08:15:46.497", "references": [{"url": "https://erickduarte.notion.site/VitalPBX-3-2-4-5-ee402173241c493687aa22ec60160c67?pvs=4", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/erick-duarte/CVE-2024-24386", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://erickduarte.notion.site/VitalPBX-3-2-4-5-ee402173241c493687aa22ec60160c67?pvs=4", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/erick-duarte/CVE-2024-24386", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder."}, {"lang": "es", "value": "Un problema en VitalPBX v.3.2.4-5 permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado en la carpeta /var/lib/vitalpbx/scripts."}], "lastModified": "2025-09-18T16:22:11.717", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7AA3E209-B4A1-46BE-900E-A1798EEAB862"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.0.4-2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6201481-7B1F-46A8-A351-F2E175D1469F"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.0.4-4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68266050-59C6-4E66-931A-CBEEB113FE48"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.0.6-1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BDC647C-314F-4595-9089-2E6442DF2D98"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.0.6-2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4530FE16-EF04-4BF4-B40A-7E5C425DA7E7"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.0.8:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B92D456C-2C67-4CC7-9D50-FB0BDB1055BE"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.0.8:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6657D9A5-C96F-415F-A47C-384076268774"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.0.8:r3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DA04EFB-2EB9-46DB-871E-9F241DE3CC64"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.0.9:r3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "150E347A-CFEC-4DB2-B639-DB0CFF703A1D"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.0.9:r5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCFBEC08-6DED-44C5-AE58-CC581674AA42"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0341F1CA-351A-41B9-BCE8-F1BCD6577CF8"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.1.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB2352CA-E64C-44B8-8211-BA31E2712AC2"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.1.1:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "994D7C50-0904-4E8E-88AC-1F3A0B69AFBF"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.1.1:r3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E98C8CE-666B-4D2D-A604-75157B9BA4CE"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.1.2:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FD9E729-FF63-4B16-9C1B-17EDC4DDBB66"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.1.3:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D4B3582-C31F-4F40-A523-97E776332982"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.1.4:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "329EEA3D-31FE-4042-A811-993BD5135CC6"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.1.4:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F17CD04-11B5-45A9-8984-231C1BE87659"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.1.5:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF2A090A-A386-462A-ADC6-4EA984E254F5"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.1.5:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "604234F5-28D4-42A1-A7A6-487A2812E556"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.1.5:r3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1A077CB-1FB6-4D0A-8E96-3640B185C3F3"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.1.5:r4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFA96AC8-4991-4E3C-A5EE-BB9975ED2AFF"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.1.6:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E23AFB78-9257-4DA6-8F9A-3FBCA07E44F6"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.1.7:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB3F9A87-3402-4249-A996-971A9EF2B93B"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95B133E3-80F2-4A2E-BE44-AA12D957E572"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.2.2:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6F63367-FC93-47BE-BD82-B54BCFD20A39"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.2.3:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E9907EF-606B-451F-AFCF-1313841B967B"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.2.3:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF2A7259-A825-48DF-BA0E-C651D48E1EEB"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.2.3:r4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96959EA1-CDCC-4866-B88E-527B5140ED58"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.2.3:r5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE44F01C-22D7-467B-8EED-C9E1A47FD70B"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.2.3:r6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F33F845-5F29-437E-B300-275251D48F8C"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.2.3:r7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF1EDF5D-5FDF-49FB-90A0-86430A50E7C4"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.2.3:r8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0349C89-A58F-4D2A-AAE1-39C3DCAD0550"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.2.3:r9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B1C36E3-8282-48B8-8915-B291FA8000C2"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.2.4:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F8ADEF0-B388-4479-81C9-616A167DA6FD"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.2.4:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49F21157-8381-4639-8A29-06D1AB981021"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.2.4:r4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C15D6CE0-5003-468F-B5D4-74DC26049925"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.2.4:r5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3A61623-D490-4227-BD3A-05C55B45D45C"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.2.4:r6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D84418D-A1EE-4F87-ADA8-75C240757F38"}, {"criteria": "cpe:2.3:a:vitalpbx:vitalpbx:3.2.5:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1AAA26ED-9B33-4202-8163-0F7189833167"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}