Vulnerabilities Found in GOautodial

by ITECHNEWS
December 8, 2021
in Infosec

A cybersecurity researcher has discovered multiple vulnerabilities in an open-source call center software suite used around the world.

The Synopsys Cybersecurity Research Center (CyRC) released an advisory today exposing two API vulnerabilities in GOautodial. While multiple providers sell GOautodial as a paid-for cloud service, it is available as a free download. 

“The vulnerabilities discovered can be exploited remotely to read system settings without authentication and allow arbitrary code execution by any authenticated user via unrestricted file upload,” wrote researchers in the GOautodial advisory.

Among the vulnerabilities unearthed by Synopsys is the broken authentication flaw CVE-2021-43175, which allows attackers with access to the internal network hosting GOautodial to steal sensitive configuration data, such as default passwords, from the GOautodial server without credentials. 

Using this data, a threat actor could connect to other related systems on the network, such as VoIP phones. 

Another newly found flaw is CVE-2021-43176, which allows any authenticated user at any level to perform remote code execution.

“This would allow them to gain complete control over the GOautodial application on the server, steal the data from fellow employees and customers, and even rewrite the application to introduce malicious behavior such as stealing passwords or spoofing communications (sending messages or emails that look like they come from someone else),” warned CyRC.

Vulnerable versions of the GOautodial API are those created prior to September 27, 2021, including the latest publicly available ISO installer, GOautodial-4-x86_64-Final-20191010-0150.iso.

Scott Tolley, a researcher from the Synopsys Cybersecurity Research Center, discovered the vulnerabilities using the interactive application security testing (IAST) tool Seeker, which automatically tests for security vulnerabilities during the software development life cycle (SDLC). 

Tolley’s initial disclosure of the vulnerabilities to GOautodial took place on September 22. The company responded on October 20, saying that the vulnerabilities had been fixed.

Synopsys validated the fix by November 17, then published its advisory regarding the vulnerabilities earlier today. 

Other vulnerabilities discovered by keen bug-hunter Tolley include CVE-2021-33177, CVE-2021-33178, and CVE-2021-33179, which are SQL injection, path traversal, and XSS vulnerabilities in the popular application, service, and network monitoring software Nagios XI.

Sarah Coble News Writer | INFOSECURITY MAGAZINE
