FreePBX < 2.2.1 VoIP Input Validation Vulnerabilities

high Nessus Network Monitor Plugin ID 3831

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

The remote host is running the FreePBX administrative interface. FreePBX is an Asterisk derivative that includes a Voice Over IP (VoIP) server and an administrative web interface. The web interface is used to manage the VoIP services.

This version of FreePBX is vulnerable to flaws in the way it handles the 'CALLERID(name)' and 'CALLERID(num)' values. While the details are unknown, it is alleged that an attacker may be able to inject or execute code on the remote system.

Solution

Upgrade to version 2.2.1 or higher.

Plugin Details

Severity: High

ID: 3831

Family: Web Servers

Published: 11/30/2006

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:coalescent_systems:freepbx

Reference Information

CVE: CVE-2006-6244

BID: 21359