CVE-2025-2611 Scanner

CVE-2025-2611 Scanner - Command Injection vulnerability in ICTBroadcast

Short Info

Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 9 days 15 hours
Scan only one: Domain, Subdomain, IPv4

ICTBroadcast is a leading telemarketing, auto dialer, and call center software solution. It is used by businesses and contact centers to automate outbound calling and manage communication campaigns. The software is widely utilized in industries such as marketing, sales, and customer service. ICTBroadcast enables users to reach a large audience efficiently with various marketing tactics. The platform supports interactive voice response (IVR) and offers features for voice, SMS, and email broadcasts. Companies utilize ICTBroadcast to enhance productivity, streamline communication processes, and improve customer interaction.

The Command Injection vulnerability in ICTBroadcast arises when user session cookie data is insecurely passed to shell processing functions. This vulnerability allows attackers to insert shell commands into the session cookie, leading to command execution on the server. It is a serious security issue that results in unauthenticated remote code execution by manipulating session handling. If exploited successfully, an attacker could execute arbitrary code, giving them control of the system. The vulnerability affects ICTBroadcast versions 7.4 and below, highlighting the need for prompt updates.

This vulnerability exploits the session handling mechanism by injecting shell commands through session cookies. The primary attack vector involves crafting a malicious session cookie containing encoded shell commands. When processed, these commands execute on the server due to improper input validation. The vulnerable endpoint is the login page, where the application sets and reads cookies. Attackers can exploit this flaw by delivering payloads that are executed as shell commands, leading to control over the server environment.
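
A defensive check for the flaw described above, as an added example that is not code from S4E or ICTBroadcast: it flags requests whose session cookie does not match a strict session-ID allowlist. The cookie name `APPSESSION`, the ID format, and the sample headers are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumptions (not from the page): the cookie name and the session-ID format.
SESSION_COOKIE = "APPSESSION"                        # hypothetical placeholder
SESSION_ID_RE = re.compile(r"[A-Za-z0-9]{16,128}")   # assumed ID alphabet/length


def suspicious_session_cookies(cookie_header: str) -> list[str]:
    """Return the decoded value of every session cookie that fails the allowlist.

    Every occurrence is checked, because a client can send the same cookie
    name more than once and the application may read either copy.
    """
    findings = []
    for part in cookie_header.split(";"):
        name, sep, value = part.strip().partition("=")
        if not sep or name != SESSION_COOKIE:
            continue
        # Allowlist on the raw value: '%', spaces and shell metacharacters all
        # fail, so encoded content is rejected without enumerating bad input.
        if not SESSION_ID_RE.fullmatch(value):
            findings.append(unquote(value))  # decoded only for triage
    return findings


# Constructed sample Cookie headers (not captured traffic).
SAMPLES = [
    "APPSESSION=9f8e7d6c5b4a39281706f5e4d3c2b1a0; lang=en",
    "lang=en; APPSESSION=abc%3B%20echo%20constructed-sample",
    "APPSESSION=9f8e7d6c5b4a39281706f5e4d3c2b1a0; APPSESSION=x%7Cy",
]

if __name__ == "__main__":
    for header in SAMPLES:
        hits = suspicious_session_cookies(header)
        print("ALERT" if hits else "ok   ", header, hits)
```

The same allowlist belongs in the application itself, applied before the cookie value is used anywhere, with the log-side check kept as a detection layer.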

Exploiting this vulnerability can have severe consequences. Malicious actors could gain unauthorized access to the server, execute arbitrary commands, and compromise sensitive data. This vulnerability could facilitate further attacks on the network, leading to data breaches and potentially severe downtime for organizations. Additionally, servers could be co-opted into botnets or used to distribute malware, affecting the company's reputation and trustworthiness.
