CVE-2022-29330

Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
vitalpbxvitalpbx
𝑥
< 3.2.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://vitalpbx.com
https://www.arsouyes.org/blog/2022/2022-06-30-VitalPBX-0day
http://vitalpbx.com
https://www.arsouyes.org/blog/2022/2022-06-30-VitalPBX-0day