Vulnerability CVE-2023-25355


Published: 2023-04-04

Description:
CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. A user who has the ability to run commands as the `daemon` user on a sipXcom server can overwrite a service file, and escalate their privileges to `root`.

See advisories in our WLB2 database:
Topic
Author
Date
High
CoreDial sipXcom sipXopenfire 21.04 Remote Command Execution / Weak Permissionsundefined
Systems Research...
08.03.2023

Type:

CWE-78

(Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') )

 References:
https://seclists.org/fulldisclosure/2023/Mar/5

Copyright 2024, cxsecurity.com

 

Back to Top