CVE-2024-8504

CVE Database · CVE-2024-8504

CVE-2024-8504

· HIGHDeferred

CVSS v3.1

8.8

EPSS

75.38%

Published

Sep 10, 2024

Modified

Apr 14, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-78

References (3)

https://korelogic.com/Resources/Advisories/KL-001-2024-012.txt

https://www.vicidial.org/vicidial.php

http://seclists.org/fulldisclosure/2024/Sep/26

KEV Catalog EPSS Scores Vendors All CVEs