| Titre | Eleveo Call Recording 9.7.0 Broken Access Control |
|---|
| Description | A Broken Access Control vulnerability exists in /callrec/userAddAction.do endpoint of Eleveo Call Recording 9.7.0 which allows low-privileged authenticated users, even those without “Users and Roles” privilege, to escalate their privileges to Administrator by creating an LDAP user assigned to any group, including the Admin group. The newly created user can then authenticate normally. The backend does not properly enforce role-based access control when the endpoint dispatch action is addGroupLdapUsers, allowing unauthorized LDAP user creation.
Impact
Privilege escalation of a low-privileged user to administrative privileges.
PoC
Comprehensive reproduction steps, including supporting screenshots, are available via the shared private link. Public disclosure will occur on GitHub after the responsible disclosure period of approximately 90 days has elapsed.
Note
Contact with the vendor was initiated on March 10, and no response has been received as of the submission date. The provided PoC is accessible via a restricted link and is intended solely for review purposes by anyone possessing the link. I plan to reserve a CVE early, with public disclosure scheduled after 90 days from the initial contact date, at which point the advisory will be published on my GitHub repository. The information shared here is provided exclusively to the VulnDB team to ensure awareness and understanding of the vulnerability details.
|
|---|
| La source | ⚠️ https://drive.google.com/file/d/1QqpeH0qWsSnSiMvPeRJvRSylwLGK3hsN/view?usp=sharing |
|---|
| Utilisateur | omarelshopky (UID 85487) |
|---|
| Soumission | 05/04/2026 21:47 (il y a 3 mois) |
|---|
| Modérer | 10/07/2026 10:47 (3 months later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 377440 [Eleveo Call Recording Software 9.7.0 userAddAction.do role élévation de privilèges] |
|---|
| Points | 20 |
|---|