An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective.
https://www.vicidial.org/vicidial.php
https://korelogic.com/Resources/Advisories/KL-001-2024-012.txt