CVE-2024-8503

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published: Sep 10, 2024
Updated: Sep 11, 2024
CWE ID: 89

Summary

CVE-2024-8503 is a critical vulnerability affecting VICIdial, where an unauthenticated attacker can exploit a time-based SQL injection to enumerate database records. This vulnerability poses a high risk due to the default storage of plaintext credentials in the database, leading to potential unauthorized access and data breaches. The exploitability score is 3.9, with a base severity rating of 9.8 on the CVSS scale, indicating significant impacts on confidentiality, integrity, and availability. Remediation measures include implementing input validation and updating to the latest security patches provided by VICIdial. Organizations using this software should prioritize addressing this vulnerability to mitigate risks associated with potential data exposure and unauthorized access.
