Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via unspecified vectors.
Threat-Mapped Scoring
Score: 0.0
Priority: Unclassified
EPSS
Score: 0.00335Percentile:
0.55754
CVSS Scoring
CVSS v3.1 Score: 4.9
Severity: MEDIUM
Mapped CWE(s)
CWE-330
: Use of Insufficiently Random Values
All CAPEC(s)
CAPEC-112 : Brute Force
CAPEC-485 : Signature Spoofing by Key Recreation
CAPEC-59 : Session Credential Falsification through Prediction
CAPEC(s) with Mapped TTPs
CAPEC-112 : Brute Force
Mapped TTPs:
CAPEC-485 : Signature Spoofing by Key Recreation
Mapped TTPs:
Mapped ATT&CK TTPs
T1110
: Brute Force
Kill Chain: credential-access
T1552.004
: Private Keys
Kill Chain: credential-access
Malware
APTs Threat Group Associations
Campaigns
Operation Wocao SolarWinds Compromise 2016 Ukraine Electric Power Attack Operation Dream Job
Affected Products
cpe:2.3:a:vitalpbx:vitalpbx:*:*:*:*:*:*:*:*
← Back to Home
BrownCoat Threat Intelligence Platform | 2025 Steve Gray — You Can’t Take the Sky from Me