CVE-2022-29330

EUVD-2022-33672
Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
Affected Products (NVD)
VendorProductVersion
vitalpbxvitalpbx
𝑥
< 3.2.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://vitalpbx.com
https://www.arsouyes.org/blog/2022/2022-06-30-VitalPBX-0day
http://vitalpbx.com
https://www.arsouyes.org/blog/2022/2022-06-30-VitalPBX-0day