CVE DATABASE / CVE-2022-29330

CVE-2022-29330

CVSS 4.9 · MEDIUM

Summary

Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via unspecified vectors.

CVSS 3.1 breakdown

Base score	4.9 (MEDIUM)
Vector	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack vector	NETWORK
Attack complexity	LOW
Privileges required	HIGH
User interaction	NONE
Scope	UNCHANGED
Confidentiality	HIGH
Integrity	NONE
Availability	NONE

Weakness type (CWE)

CWE-330

Affected products

Vitalpbx vitalpbx

Check this CVE live

Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.

References

http://vitalpbx.com
https://www.arsouyes.org/blog/2022/2022-06-30-VitalPBX-0day

Data: NIST NVD. NVD last modified 2024-11-21. Always verify against the vendor advisory before acting.