PT-2024-20518 · Innovaphone · Innovaphone Pbx
Julien Blommaert
·
Published
2024-02-26
·
Updated
2025-03-26
·
CVE-2024-24721
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Innovaphone PBX versions prior to 14r1
Description
An issue was discovered in the password form used for authentication, allowing a Brute Force Attack. This could enable an attacker to access the administration panel.
Recommendations
For versions prior to 14r1, update to version 14r1 or later to resolve the issue. As a temporary workaround, consider restricting access to the administration panel or implementing additional authentication measures to minimize the risk of exploitation.
Fix
Improper Restriction of Excessive Authentication Attempts
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Innovaphone Pbx