Back to overview

CVE-2026-15373

MEDIUM Exploitation: PoC
6.3
CVSS 3.1
Description
A vulnerability was detected in Eleveo Call Recording Software 9.7.0. The impacted element is an unknown function of the file /callrec/userAddAction.do. Performing a manipulation of the argument role results in improper authorization. It is possible to initiate the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Metadata

CVE ID
CVE-2026-15373
State
PUBLISHED
Assigner
VulDB
Reserved
2026-07-10 08:47 UTC
Published
2026-07-10 14:45 UTC
Last updated
2026-07-10 18:26 UTC
Primary CWE
CWE-285
Improper Authorization
Vendor / Product
Eleveo / Call Recording Software
Sources
cve.org  ·  NVD

Severity & Metrics

6.3 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
SSVC — CISA Coordinator
Exploitation
PoC
Automatable
no
Tech. Impact
partial
Affected products (1)
VendorProductPlatformVersions
Eleveo Call Recording Software 9.7.0
Weakness (CWE)
CWESourceDescription
CWE-266 cna Incorrect Privilege Assignment
CWE-285 cna Improper Authorization
CVSS scores (4)
ScoreSeverityVersionSourceVector
6.5 N/D 2.0 cna AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
6.3 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
6.3 MEDIUM 3.0 cna CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
5.3 MEDIUM 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
References (5)
Back to overview