CVE-2024-24721

An issue was discovered on Innovaphone PBX before 14r1 devices. The password form, used to authenticate, allows a Brute Force Attack through which an attacker may be able to access the administration panel

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://cds.thalesgroup.com/en/tcs-cert/CVE-2024-24721	Third Party Advisory
https://excellium-services.com/cert-xlm-advisory/CVE-2024-24721	Not Applicable
https://excellium-services.com/cert-xlm-advisory/CVE-2024-24721	Not Applicable

Configurations

Configuration 1 (hide)

cpe:2.3:a:innovaphone:innovaphone_pbx:*:*:*:*:*:*:*:*

History

18 Sep 2025, 16:26

Type	Values Removed	Values Added
CPE		cpe:2.3:a:innovaphone:innovaphone_pbx::::::::
First Time		Innovaphone Innovaphone innovaphone Pbx
References	~~() https://cds.thalesgroup.com/en/tcs-cert/CVE-2024-24721 -~~	() https://cds.thalesgroup.com/en/tcs-cert/CVE-2024-24721 - Third Party Advisory
References	~~() https://excellium-services.com/cert-xlm-advisory/CVE-2024-24721 -~~	() https://excellium-services.com/cert-xlm-advisory/CVE-2024-24721 - Not Applicable

30 May 2025, 16:15

Type	Values Removed	Values Added
References		() https://cds.thalesgroup.com/en/tcs-cert/CVE-2024-24721 -

26 Mar 2025, 16:15

Type	Values Removed	Values Added
CWE		CWE-307

Information

Published : 2024-02-27 00:15

Updated : 2025-09-18 16:26

NVD link : CVE-2024-24721

Mitre link : CVE-2024-24721

CVE.ORG link : CVE-2024-24721

JSON object : View

Products Affected

innovaphone

innovaphone_pbx

CWE

CWE-307

Improper Restriction of Excessive Authentication Attempts

6.5 /10