CVE-2023-34839

CVSS 3.1 Score 6.8 of 10 (medium)

Details

Published Jun 27, 2023
Updated: Jul 3, 2023
CWE ID 352

Summary

CVE-2023-34839 is a newly disclosed Cross-Site Request Forgery (CSRF) vulnerability affecting Issabel's issabel-pbx version 4.0.0-6. An attacker can exploit this flaw by crafting malicious requests, which, if successfully executed, could allow them to create new user functions with elevated privileges within the application. This vulnerability poses a significant risk, as it can be exploited remotely, potentially leading to unauthorized access and functional manipulation within the affected system. Users are strongly encouraged to apply the necessary patches to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share