CVE-2024-8504— VICIdial Authenticated Remote Code Execution

EPSS 93.08% · P100 Updated Nov 05, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-8504

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

VICIdial Authenticated Remote Code Execution

Source: NVD (National Vulnerability Database)

Vulnerability Description

An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

Source: NVD (National Vulnerability Database)

Vulnerability Title

VICIdial 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

VICIdial是VICIdial公司的一个软件套件。旨在与 Asterisk 开源 Pbx 电话系统交互，作为一个完整的呼入/呼出联络中心套件，同时支持呼入电子邮件。 VICIdial存在安全漏洞。攻击者利用该漏洞可以以“root”用户身份执行任意shell命令。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
VICIdial	VICIdial	2.14-917a	-

II. Public POCs for CVE-2024-8504

#	POC Description	Source Link	Shenlong Link
1	VICIdial Unauthenticated SQLi to RCE Exploit (CVE-2024-8503 and CVE-2024-8504)	https://github.com/Chocapikk/CVE-2024-8504	POC Details
2	CVE-2024-8504	https://github.com/havokzero/ViciDial	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-8504

请登录查看更多情报信息。

https://nvd.nist.gov/vuln/detail/CVE-2024-8504

IV. Related Vulnerabilities

Same product: VICIdial

Same vendor: VICIdial

Same weakness: CWE-78

V. Comments for CVE-2024-8504

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-8504— VICIdial Authenticated Remote Code Execution

I. Basic Information for CVE-2024-8504

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2024-8504

III. Intelligence Information for CVE-2024-8504

IV. Related Vulnerabilities

V. Comments for CVE-2024-8504

Leave a comment