Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via unspecified vectors.
https://www.arsouyes.org/blog/2022/2022-06-30-VitalPBX-0day
http://vitalpbx.com
Source: Mitre, NVD
Published: 2022-06-24
Updated: 2023-08-08
Base Score: 4
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N
Severity: Medium
Base Score: 4.9
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N