CVE-2023-25356

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (CWE-88)

Published: Apr 4, 2023 / Updated: 19mo ago

CVSS 8.8 (High) / EPSS 0.09%

CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Delimiters in a Command. XMPP users are able to inject arbitrary arguments into a system command, which can be used to read files from, and write files to, the sipXcom server. This can also be leveraged to gain remote command execution.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2023-25356.

Mar 7, 2023 at 3:16 AM / seclists.org

Threat Intelligence Report

CVE-2023-25356 is a critical OS command argument injection vulnerability in sipXopenfire, allowing XMPP users to execute arbitrary commands via a curl request. This vulnerability has not been reported as exploited in the wild, but proof-of-concept exploits may exist. No patches or mitigations have been provided, potentially impacting other third-party vendors using sipXopenfire.

Mar 7, 2023 at 3:16 AM

EPSS

EPSS Score was set to: 0.09% (Percentile: 36.9%)

Sep 20, 2023 at 9:46 AM

Affected Systems

Coredial/sipxcom

Exploits

https://seclists.org/fulldisclosure/2023/Mar/5

Attack Patterns

CAPEC-137: Parameter Injection

References

[CVE-2023-25355/25356] No fix available - vulnerabilities in CoreDial sipXcom sipXopenfire
sipXopenfire is affected by an OS command argument injection vulnerability (CVE-2023-25356), which allows any user with an XMPP account to pass arbitrary arguments to a curl command. Since we can download files and write them to the filesystem, and the sipXopenfire process runs as the daemon user, we can overwrite the /etc/init.d/openfire file with a modified version.
[RTCSec news] Trojan 3CX Client, CRA talk, OpenSIPS audit report and much more
Hi there, RTCSec News March 2023: VoIP security testing CI/CD automation, Cyber Resilience Act vs IP Communications, 3CX malware, VoLTE RCE Silent fix in Kamailio gets a CVE, vulnerable door phones and various other security reports
RTCSec Newsletter March 2023: Trojan 3CX Client, CRA talk, OpenSIPS audit report and much more
Silent fix in Kamailio gets a CVE, vulnerable door phones and various other security reports More news from us, including the OpenSIPS security audit report and a chat about the Cyber Resilience Act

News

Exploit for Incorrect Default Permissions in Coredial Sipxcom
glefait/CVE-2023-25355-25356
The CVE-2023-25355 is an exfiltration mechanism where files on the sipXcom server are uploaded to a web server controlled by the attacker. The CVE-2023-25356 is an extension of the first vulnerability where files controlled by the attacker can be written to the sipXcom server filesystem.
[RTCSec news] October 2023 - security theatre and PBX hacking, plus last month's advisories 
Hi there, RTCSec News October 2023: hacking PBX and UC at DEF CON, FreePBX vulnerabilities, Attack Platform and advisories for October 2024 Even if they had a bug bounty page indicating that they have processes in place for receiving security reports - they actually provided no proper response, no CVEs were issued by the time of the presentation and generally, it was very discouraging.
October 2023: security theatre and PBX hacking, plus last month's advisories
Even if they had a bug bounty page indicating that they have processes in place for receiving security reports - they actually provided no proper response, no CVEs were issued by the time of the presentation and generally, it was very discouraging. Short news including MiTM attacks on XMPP, monthly vulnerability fixes and much more!
Update Tue Sep 26 11:01:07 UTC 2023

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
