Exploitation Summary
EIP tracks 1 public exploit for CVE-2014-2347. PoCs published by Jared Bird.
AI-analyzed exploit summary The exploit demonstrates a session management vulnerability and authentication bypass in miSecureMessages, allowing unauthorized access to messages by manipulating the `contactID` parameter in SOAP requests.
Description
Amtelco miSecureMessages (aka MSM) 6.2 does not properly manage sessions, which allows remote authenticated users to obtain sensitive information via a modified message request.
Exploits (1)
exploitdb
WORKING POC
by Jared Bird · textwebappsmultiple
https://www.exploit-db.com/exploits/33019
The exploit demonstrates a session management vulnerability and authentication bypass in miSecureMessages, allowing unauthorized access to messages by manipulating the `contactID` parameter in SOAP requests.
Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target:
miSecureMessages (Client=4.0.1, Server=6.2.4552.30017)
No auth needed
Prerequisites:
Valid license key · Access to the SOAP endpoint
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026
Full analysis →
References (3)
Core 3
Core References
Various Sources x_refsource_misc
https://service.amtelco.com/INFINITY/MSM/MSM6.2SecurityBriefing.pdf
US Government Resource
http://ics-cert.us-cert.gov/advisories/ICSA-14-121-01
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-14-121-01
Scores
EPSS
0.0242
EPSS Percentile
82.2%
Details
CWE
CWE-200
CWE-264
Status
published
Products (2)
amtelco/misecuremessages
6.2
AMTELCO/miSecureMessages
6.2
Published
May 06, 2014
Tracked Since
Feb 18, 2026