CVE-2024-8504

CVE-2024-8504: VICIdial Authenticated Remote Code Execution

Vendor Vicidial

Product VICIdial

Weakness CWE-78

Published September 10, 2024

Last update November 4, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective.

Key dates

02Disclosure timeline

September 10, 2024 CVE published

November 4, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-8504 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

CVE-2024-8504: VICIdial Authenticated Remote Code Execution

01Description

02Disclosure timeline

03References

04Related CVE