CVE-2022-29330

Published: Jun 24, 2022Modified: Jun 17, 2026

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via unspecified vectors.

Affected (1)

Products: Vitalpbx: Vitalpbx

Vitalpbx

1 product

Vitalpbx

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Vitalpbx Vitalpbx	Before 3.2.1

Related CWEs

CWE-330

Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

References (4)

http://vitalpbx.com

Source: cve@mitre.org

Vendor Advisory

https://www.arsouyes.org/blog/2022/2022-06-30-VitalPBX-0day

Source: cve@mitre.org

ExploitThird Party Advisory

http://vitalpbx.com

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.arsouyes.org/blog/2022/2022-06-30-VitalPBX-0day

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.