Zenitel ICX-AlphaCom Database Query Vulnerability Allowing Credential Exposure
Vulnerability
A vulnerability exists in the Zenitel ICX-AlphaCom system that allows attackers to directly query the underlying database of the Billing Admin component. This could lead to the retrieval of all data stored in the Billing Admin database, including user credentials, as passwords are stored in plaintext. The vulnerability is present in ICX-AlphaCom versions 1.4.3.0 through 1.4.3.3.
Impact
Exploitation of this vulnerability could result in unauthorized access to user credentials, including plaintext passwords, stored in the Billing Admin database.
Remediation
Users can upgrade to ICX-AlphaCom version 1.4.3.3, which includes security fixes and re-enables the billing web component. Instructions for upgrading ICX-500/510 systems are available on the Zenitel Wiki.
