CVE-2024-57055

MEDIUM

WombatDialer < 25.02 - Unauthenticated Server-Side Access Control Bypass

Description

Server-Side Access Control Bypass vulnerability in WombatDialer before 25.02 could allow unauthorized users to potentially call certain services without the necessary access level. This issue is limited to services used by the client (not the general-use JSON services) and requires reverse engineering of the proprietary serialization protocol, making it difficult to exploit.

Scores

CVSS v3: 5.0
EPSS: 0.0025
EPSS Percentile: 15.7%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-306
Status: published
Published: Feb 18, 2025
Tracked Since: Feb 18, 2026