CVE-2022-29330

MEDIUM

Telesoft VitalPBX <3.2.1 - Info Disclosure

Title source: llm

Description

Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via unspecified vectors.

References (2)

[Vendor Advisory] http://vitalpbx.com

[Exploit, Third Party Advisory] https://www.arsouyes.org/blog/2022/2022-06-30-VitalPBX-0day

Scores

CVSS v3 4.9

EPSS 0.0034

EPSS Percentile 56.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-330

Status published

Products (1)

vitalpbx/vitalpbx < 3.2.1

Published Jun 24, 2022

Tracked Since Feb 18, 2026