CVE-2023-37599
published 2023-07-13

CVE-2023-37599: An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory

Priority: P3 · 50 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 3.01% (85.7th percentile)
An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory

Affected

1 range
Vendor: issabel
Product: pbx
Version range:
Fixed in:

Detection & IOCs (extracted from sources)

path: /modules/
other: Index of /modules
  • HTTP GET request to /modules/ returning status 200 with body containing 'Index of /modules' and any of 'issabel', 'asterisk_', or 'billing_' indicates exploitable directory listing on Issabel PBX 4.0.0-6.
  • Shodan/FOFA fingerprint for exposed Issabel PBX instances: search for title 'issabel' to identify potentially vulnerable targets.
  • The vulnerability is unauthenticated (no credentials required) and network-accessible, affecting Issabel PBX version 4.0.0-6 specifically.
  • EPSS score of 0.85615 (99.375th percentile) indicates very high likelihood of exploitation in the wild; prioritize detection and patching accordingly.