CVE-2023-25355

HIGH

Coredial Sipxcom < 21.04 - Incorrect Default Permissions

Title source: rule

Description

CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. A user who has the ability to run commands as the `daemon` user on a sipXcom server can overwrite a service file, and escalate their privileges to `root`.

Exploits (1)

nomisec WORKING POC 1 stars

by glefait · poc

https://github.com/glefait/CVE-2023-25355-25356

View Code ZIP pw:eip

References (1)

Core 1

Core References

Exploit, Mailing List, Third Party Advisory

https://seclists.org/fulldisclosure/2023/Mar/5

Scores

CVSS v3 8.8

EPSS 0.1077

EPSS Percentile 93.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-276

Status published

Products (1)

coredial/sipxcom < 21.04

Published Apr 04, 2023

Tracked Since Feb 18, 2026