Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30680
HistoryMay 05, 2014 - 12:00 a.m.

[CVE-2014-1903] FreePBX 2.9 through 12 RCE

2014-05-0500:00:00
vulners.com
70
JSON

Overview:
Unauthenticated user-level Remote Code Execution (RCE) vulnerability in admin/config.php, the main interface to FreePBX. This bug was introduced in FreePBX 2.9, earlier versions are not affected.

Score - 8.4
(AV:N/AC:L/Au:N/C:P/I:P/A:C/E:H/RL:OF/RC:C/CDP:MH/TD:ND/CR:L/IR:L/AR:M)

Reference to Advisory:
http://www.freepbx.org/news/2014-02-06/security-vulnerability-notice

Reference to Bug:
http://issues.freepbx.org/browse/FREEPBX-7123

Fixed in Versions:
2.9 – 2.9.0.14
2.10 - 2.10.1.15
2.11 - 2.11.0.23
12 - 12.0.1alpha22

Additional Information:
FreePBX contains an automatic alert service for upgrade notifications. If your system is set up correctly, you would have received an email alert of this vulnerability when it was detected and fixed. Schmoozecom strongly urges you to ensure that the email alert address is correct and up to date to ensure you receive notifications of security issues and pending updates.

Schmoozecom and FreePBX are very proactive and responsive to security issues, and care deeply about the security of our software and systems. We welcome security related bug reports and issues, and they can be submitted via email to [email protected] for instant attention.

JSON