Skip to content

Commit b2e4ec9

Browse files
msjenkins-r7msjenkins-r7
committed
automatic module_metadata_base.json update
1 parent 8761226 commit b2e4ec9

File tree

1 file changed

+60
-0
lines changed

1 file changed

+60
-0
lines changed

db/modules_metadata_base.json

Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -132541,6 +132541,66 @@
132541132541
"session_types": false,
132542132542
"needs_cleanup": null
132543132543
},
132544+
"exploit_unix/webapp/vicidial_agent_authenticated_rce": {
132545+
"name": "VICIdial Authenticated Remote Code Execution",
132546+
"fullname": "exploit/unix/webapp/vicidial_agent_authenticated_rce",
132547+
"aliases": [
132548+
132549+
],
132550+
"rank": 600,
132551+
"disclosure_date": "2024-09-10",
132552+
"type": "exploit",
132553+
"author": [
132554+
"Valentin Lobstein",
132555+
"Jaggar Henry of KoreLogic, Inc."
132556+
],
132557+
"description": "An attacker with authenticated access to VICIdial as an \"agent\"\n can execute arbitrary shell commands as the \"root\" user. This\n attack can be chained with CVE-2024-8503 to execute arbitrary\n shell commands starting from an unauthenticated perspective.",
132558+
"references": [
132559+
"CVE-2024-8504",
132560+
"URL-https://korelogic.com/Resources/Advisories/KL-001-2024-012.txt"
132561+
],
132562+
"platform": "Linux,Unix",
132563+
"arch": "ARCH_CMD",
132564+
"rport": 80,
132565+
"autofilter_ports": [
132566+
80,
132567+
8080,
132568+
443,
132569+
8000,
132570+
8888,
132571+
8880,
132572+
8008,
132573+
3000,
132574+
8443
132575+
],
132576+
"autofilter_services": [
132577+
"http",
132578+
"https"
132579+
],
132580+
"targets": [
132581+
"Unix/Linux Command Shell"
132582+
],
132583+
"mod_time": "2024-09-27 01:25:37 +0000",
132584+
"path": "/modules/exploits/unix/webapp/vicidial_agent_authenticated_rce.rb",
132585+
"is_install_path": true,
132586+
"ref_name": "unix/webapp/vicidial_agent_authenticated_rce",
132587+
"check": true,
132588+
"post_auth": true,
132589+
"default_credential": false,
132590+
"notes": {
132591+
"Stability": [
132592+
"crash-safe"
132593+
],
132594+
"SideEffects": [
132595+
"ioc-in-logs"
132596+
],
132597+
"Reliability": [
132598+
"repeatable-session"
132599+
]
132600+
},
132601+
"session_types": false,
132602+
"needs_cleanup": null
132603+
},
132544132604
"exploit_unix/webapp/vicidial_manager_send_cmd_exec": {
132545132605
"name": "VICIdial Manager Send OS Command Injection",
132546132606
"fullname": "exploit/unix/webapp/vicidial_manager_send_cmd_exec",

0 commit comments

Comments
 (0)