cve/2024/CVE-2024-8504.md

CVE-2024-8504

Description

An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective.

POC

Reference

• https://korelogic.com/Resources/Advisories/KL-001-2024-012.txt

Github

• https://github.com/Chocapikk/CVE-2024-8504
• https://github.com/havokzero/ViciDial