CVE-2023-37599
published 2023-07-13
CVE-2023-37599: An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory
Priority P3 · 50 · high · 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 3.01% (85.7th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| issabel | pbx | — | — |
Detection & IOCs (extracted from sources)
- HTTP GET request to /modules/ returning status 200 with body containing 'Index of /modules' and any of 'issabel', 'asterisk_', or 'billing_' indicates exploitable directory listing on Issabel PBX 4.0.0-6.
- Shodan/FOFA fingerprint for exposed Issabel PBX instances: search for title 'issabel' to identify potentially vulnerable targets.
- The vulnerability is unauthenticated (no credentials required) and network-accessible, affecting Issabel PBX version 4.0.0-6 specifically.
- EPSS score of 0.85615 (99.375th percentile) indicates very high likelihood of exploitation in the wild; prioritize detection and patching accordingly.
No detection rules found.
Nuclei
Issabel PBX 4.0.0-6 - Directory Listing
nuclei·CVSS 7.5
CVE-2023-37599 [HIGH] Issabel PBX 4.0.0-6 - Directory Listing
Template:

```yaml
id: CVE-2023-37599

info:
  name: Issabel PBX 4.0.0-6 - Directory Listing
  author: ritikchaddha
  severity: high
  description: |
    An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory
  impact: |
    Exploiting this vulnerability could lead to unauthorized access to sensitive directories and files, compromising the confidentiality of the system.
  remediation: |
    It is recommended to update to a patched version of issabel-pbx or apply necessary configuration changes to prevent directory listing.
  reference:
    - https://github.com/sahiloj/CVE-2023-37599
    - https://nvd.nist.gov/vuln
```

No writeups or analysis indexed.
Published: 2023-07-13