Podatność CVE-2023-25355
Publikacja: 2023-04-04

Opis:
CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. A user who has the ability to run commands as the `daemon` user on a sipXcom server can overwrite a service file, and escalate their privileges to `root`.

W naszej bazie, znaleźliśmy następujące noty dla tego CVE:
Tytuł
Autor
Data
High
CoreDial sipXcom sipXopenfire 21.04 Remote Command Execution / Weak Permissionsundefined
Systems Research...
08.03.2023

Typ:

CWE-78

 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') )

 Referencje:
https://seclists.org/fulldisclosure/2023/Mar/5
Copyright 2024, cxsecurity.com

 

Back to Top