CVE-2024-8504

Published: 2024-09-10T20:15Z

Last Modified: 2024-09-12T14:35Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt