CVE-2024-24386 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.2 HIGH	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
mitre	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	7.2 HIGH	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 76%

Vendor	Product	Version
vitalpbx	vitalpbx	3.0.4
vitalpbx	vitalpbx	3.0.4-2
vitalpbx	vitalpbx	3.0.4-4
vitalpbx	vitalpbx	3.0.6-1
vitalpbx	vitalpbx	3.0.6-2
vitalpbx	vitalpbx	3.0.8
vitalpbx	vitalpbx	3.0.8:r2
vitalpbx	vitalpbx	3.0.8:r3
vitalpbx	vitalpbx	3.0.9:r3
vitalpbx	vitalpbx	3.0.9:r5
vitalpbx	vitalpbx	3.1.0
vitalpbx	vitalpbx	3.1.1
vitalpbx	vitalpbx	3.1.1:r2
vitalpbx	vitalpbx	3.1.1:r3
vitalpbx	vitalpbx	3.1.2:r1
vitalpbx	vitalpbx	3.1.3:r1
vitalpbx	vitalpbx	3.1.4:r1
vitalpbx	vitalpbx	3.1.4:r2
vitalpbx	vitalpbx	3.1.5:r1
vitalpbx	vitalpbx	3.1.5:r2
vitalpbx	vitalpbx	3.1.5:r3
vitalpbx	vitalpbx	3.1.5:r4
vitalpbx	vitalpbx	3.1.6:r1
vitalpbx	vitalpbx	3.1.7:r1
vitalpbx	vitalpbx	3.2.1
vitalpbx	vitalpbx	3.2.2:r1
vitalpbx	vitalpbx	3.2.3:r1
vitalpbx	vitalpbx	3.2.3:r2
vitalpbx	vitalpbx	3.2.3:r4
vitalpbx	vitalpbx	3.2.3:r5
vitalpbx	vitalpbx	3.2.3:r6
vitalpbx	vitalpbx	3.2.3:r7
vitalpbx	vitalpbx	3.2.3:r8
vitalpbx	vitalpbx	3.2.3:r9
vitalpbx	vitalpbx	3.2.4:r1
vitalpbx	vitalpbx	3.2.4:r2
vitalpbx	vitalpbx	3.2.4:r4
vitalpbx	vitalpbx	3.2.4:r5
vitalpbx	vitalpbx	3.2.4:r6
vitalpbx	vitalpbx	3.2.5:r1

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-284 - Improper Access Control
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References

https://erickduarte.notion.site/VitalPBX-3-2-4-5-ee402173241c493687aa22ec60160c67?pvs=4

https://github.com/erick-duarte/CVE-2024-24386

https://erickduarte.notion.site/VitalPBX-3-2-4-5-ee402173241c493687aa22ec60160c67?pvs=4

https://github.com/erick-duarte/CVE-2024-24386