PT-2022-19547 · Telesoft · Telesoft Vitalpbx
Aryliin
+1
·
Published
2022-06-24
·
Updated
2023-08-08
·
CVE-2022-29330
CVSS v3.1
4.9
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Telesoft VitalPBX versions prior to 3.2.1
Description
The issue concerns missing access control in the backup system, allowing attackers to access sensitive data such as PJSIP and SIP extension credentials, cryptographic keys, and voicemails files via unspecified vectors.
Recommendations
For versions prior to 3.2.1, update to version 3.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the backup system to minimize the risk of exploitation.
Exploit
Fix
Use of Insufficiently Random Values
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Telesoft Vitalpbx