Coredial

coredial

2 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Sipxcom

sipxcom

2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-25356 1Coredial 1Sipxcom Feb 13, 2025 Apr 4, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Delimiters in a Command. XMPP users are able to inject arbitrary arguments into a system command, which can be used to read...Show more CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Delimiters in a Command. XMPP users are able to inject arbitrary arguments into a system command, which can be used to read files from, and write files to, the sipXcom server. This can also be leveraged to gain remote command execution.Show less
CVE-2023-25355 1Coredial 1Sipxcom Feb 13, 2025 Apr 4, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. A user who has the ability to run commands as the `daemon` user on a sipXcom server can overwrite a service file, and escalate their privi...Show more CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. A user who has the ability to run commands as the `daemon` user on a sipXcom server can overwrite a service file, and escalate their privileges to `root`.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2023-25356

1Coredial

1Sipxcom

Feb 13, 2025

Apr 4, 2023

N/A· v4

8.8 HIGH· v3

N/A· v2

CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Delimiters in a Command. XMPP users are able to inject arbitrary arguments into a system command, which can be used to read files from, and write files to, the sipXcom server. This can also be leveraged to gain remote command execution.Show less

CVE-2023-25355