• Latest
  • Trending
Vulnerabilities Found in GOautodial

Vulnerabilities Found in GOautodial

December 8, 2021
Qualcomm Announces Snapdragon 8+ Gen 1 and Snapdragon 7 Gen 1

Qualcomm Announces Snapdragon 8+ Gen 1 and Snapdragon 7 Gen 1

May 20, 2022
HP’s premium laptop revamp: more OLED displays, 12th-gen Intel CPUs

HP’s premium laptop revamp: more OLED displays, 12th-gen Intel CPUs

May 20, 2022
Android 13 beta will test out-of-the-box support for most braille displays

Android 13 beta will test out-of-the-box support for most braille displays

May 20, 2022
WhatsApp to Launch Cloud-Based Tools, Premium Features for Businesses

WhatsApp to Launch Cloud-Based Tools, Premium Features for Businesses

May 20, 2022
Huawei and SolarEdge Sign a Global Patent License Agreement

Huawei and SolarEdge Sign a Global Patent License Agreement

May 20, 2022
Dijbouti Telecom Welcomes the Landing of 2Africa Submarine Cable

Dijbouti Telecom Welcomes the Landing of 2Africa Submarine Cable

May 20, 2022
Ghana Smart Africa Digital Academy launches its national digital academy

Ghana Smart Africa Digital Academy launches its national digital academy

May 20, 2022
Ghana’s Rural Telecom Facilities to be Upgraded to 4G

Ghana’s Rural Telecom Facilities to be Upgraded to 4G

May 20, 2022
Silicon Power Announces UD90 PCIe 4.0 SSD

Silicon Power Announces UD90 PCIe 4.0 SSD

May 20, 2022
ZADAK Announces TWSG4S PCIe Gen4 x4 SSD

ZADAK Announces TWSG4S PCIe Gen4 x4 SSD

May 20, 2022
Samsung Sampling 512GB CXL Memory Module

Samsung Sampling 512GB CXL Memory Module

May 20, 2022
IBM Elastic Storage System 3500

IBM Elastic Storage System 3500

May 20, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Saturday, 21 May, 2022
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

Vulnerabilities Found in GOautodial

by ITECHNEWS
December 8, 2021
in Infosec
0 0
0
Vulnerabilities Found in GOautodial

A cybersecurity researcher has discovered multiple vulnerabilities in an open-source call center software suite used around the world.

The Synopsys Cybersecurity Research Center (CyRC) released an advisory today exposing two API vulnerabilities in GOautodial. While multiple providers sell GOautodial as a paid-for cloud service, it is available as a free download. 

YOU MAY ALSO LIKE

Lazarus hackers target VMware servers with Log4Shell exploits

Microsoft emergency updates fix Windows AD authentication issues

“The vulnerabilities discovered can be exploited remotely to read system settings without authentication and allow arbitrary code execution by any authenticated user via unrestricted file upload,” wrote researchers in the GOautodial advisory.

Among the vulnerabilities unearthed by Synopsys is the broken authentication flaw CVE-2021-43175, which allows attackers with access to the internal network hosting GOautodial to steal sensitive configuration data, such as default passwords, from the GOautodial server without credentials. 

Using this data, a threat actor could connect to other related systems on the network, such as VoIP phones. 

Another newly found flaw is CVE-2021-43176, which allows any authenticated user at any level to perform remote code execution.

“This would allow them to gain complete control over the GOautodial application on the server, steal the data from fellow employees and customers, and even rewrite the application to introduce malicious behavior such as stealing passwords or spoofing communications (sending messages or emails that look like they come from someone else),” warned CyRC.

Vulnerable versions of the GOautodial API are those created prior to September 27, 2021, including the latest publicly available ISO installer, GOautodial-4-x86_64-Final-20191010-0150.iso.

Scott Tolley, a researcher from the Synopsys Cybersecurity Research Center, discovered the vulnerabilities using the interactive application security testing (IAST) tool Seeker, which automatically tests for security vulnerabilities during the software development life cycle (SDLC). 

Tolley’s initial disclosure of the vulnerabilities to GOautodial took place on September 22. The company responded on October 20, saying that the vulnerabilities had been fixed.

Synopsys validated the fix by November 17, then published its advisory regarding the vulnerabilities earlier today. 

Other vulnerabilities discovered by keen bug-hunter Tolley include CVE-2021-33177, CVE-2021-33178, and CVE-2021-33179, which are SQL injection, path traversal, and XSS vulnerabilities in the popular application, service, and network monitoring software Nagios XI.

Sarah Coble News Writer | INFOSECURITY MAGAZINE

ShareTweetShare

Get real time update about this post categories directly on your device, subscribe now.

Unsubscribe

Search

No Result
View All Result

Recent News

Qualcomm Announces Snapdragon 8+ Gen 1 and Snapdragon 7 Gen 1

Qualcomm Announces Snapdragon 8+ Gen 1 and Snapdragon 7 Gen 1

May 20, 2022
HP’s premium laptop revamp: more OLED displays, 12th-gen Intel CPUs

HP’s premium laptop revamp: more OLED displays, 12th-gen Intel CPUs

May 20, 2022
Android 13 beta will test out-of-the-box support for most braille displays

Android 13 beta will test out-of-the-box support for most braille displays

May 20, 2022

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Qualcomm Announces Snapdragon 8+ Gen 1 and Snapdragon 7 Gen 1

Qualcomm Announces Snapdragon 8+ Gen 1 and Snapdragon 7 Gen 1

May 20, 2022
HP’s premium laptop revamp: more OLED displays, 12th-gen Intel CPUs

HP’s premium laptop revamp: more OLED displays, 12th-gen Intel CPUs

May 20, 2022

Recent News

  • Qualcomm Announces Snapdragon 8+ Gen 1 and Snapdragon 7 Gen 1 May 20, 2022
  • HP’s premium laptop revamp: more OLED displays, 12th-gen Intel CPUs May 20, 2022
  • Android 13 beta will test out-of-the-box support for most braille displays May 20, 2022
  • WhatsApp to Launch Cloud-Based Tools, Premium Features for Businesses May 20, 2022
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© 2021 iTechNewsOnline.Com - Powered by BackUpDataSystems

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© 2021 iTechNewsOnline.Com - Powered by BackUpDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?
Go to mobile version