An issue was discovered on Innovaphone PBX before 14r1 devices. The password form, used to authenticate, allows a Brute Force Attack through which an attacker may be able to access the administration panel
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-02-27
Updated
2024-02-27
An issue was discovered on Innovaphone PBX before 14r1 devices. It provides different responses to incoming requests in a way that reveals information to an attacker.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-02-27
Updated
2024-02-27
AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified service ID during app upload.
Max CVSS
7.2
EPSS Score
0.08%
Published
2022-09-30
Updated
2022-10-11
Multiple cross-site request forgery (CSRF) vulnerabilities in innovaphone PBX 10.00 sr11 and earlier allow remote attackers to hijack the authentication of administrators for requests that modify configurations or user accounts, as demonstrated by (1) changing the administrator password via a crafted request to CMD0/mod_cmd.xml or (2) adding a new SIP user via a crafted request to PBX0/ADMIN/mod_cmd_login.xml.
Max CVSS
6.8
EPSS Score
0.19%
Published
2014-08-25
Updated
2018-10-09
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!