Show filters
3 Total Results
Displaying 1-3 of 3
Sort by:
Attacker Value
Unknown

CVE-2023-33760

Disclosure Date: January 25, 2024 (last updated February 01, 2024)
SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate. This issue can allow attackers to eavesdrop on communications via a man-in-the-middle attack.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-33759

Disclosure Date: January 25, 2024 (last updated February 01, 2024)
SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts, allowing attackers to bypass authentication via a brute force attack.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-33758

Disclosure Date: January 25, 2024 (last updated February 01, 2024)
Splicecom Maximiser Soft PBX v1.5 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the CLIENT_NAME and DEVICE_GUID fields in the login component.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0