An issue was discovered on Innovaphone PBX before 14r1 devices. The password form, used to authenticate, allows a Brute Force Attack through which an attacker may be able to access the administration panel
References
| Link | Resource |
|---|---|
| https://cds.thalesgroup.com/en/tcs-cert/CVE-2024-24721 | Third Party Advisory |
| https://excellium-services.com/cert-xlm-advisory/CVE-2024-24721 | Not Applicable |
| https://excellium-services.com/cert-xlm-advisory/CVE-2024-24721 | Not Applicable |
Configurations
History
18 Sep 2025, 16:26
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:innovaphone:innovaphone_pbx:*:*:*:*:*:*:*:* | |
| First Time |
Innovaphone innovaphone Pbx
Innovaphone |
|
| References | () https://cds.thalesgroup.com/en/tcs-cert/CVE-2024-24721 - Third Party Advisory | |
| References | () https://excellium-services.com/cert-xlm-advisory/CVE-2024-24721 - Not Applicable |
30 May 2025, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
26 Mar 2025, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-307 |
21 Nov 2024, 08:59
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://excellium-services.com/cert-xlm-advisory/CVE-2024-24721 - |
12 Aug 2024, 18:35
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
27 Feb 2024, 00:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-02-27 00:15
Updated : 2025-09-18 16:26
NVD link : CVE-2024-24721
Mitre link : CVE-2024-24721
CVE.ORG link : CVE-2024-24721
JSON object : View
Products Affected
innovaphone
- innovaphone_pbx
CWE
CWE-307
Improper Restriction of Excessive Authentication Attempts