CNNVD-202511-715 Information
CNNVD ID
CNNVD-202511-715
Related CVE
-
CNNVD Published: 2025-11-07
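Description (translated from Chinese)
FreePBX Endpoint Manager is an open-source FreePBX module for centrally managing IP phone endpoint configuration. FreePBX Endpoint Manager versions from 17.0.2.36 up to, but not including, 17.0.3 contain an operating system command injection vulnerability. The vulnerability stems from command injection in the testconnection -> check_ssh_connect function and may lead to remote access to the system.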
Description (English)
FreePBX Endpoint Manager is an open-source FreePBX module for centrally managing IP phone endpoint configuration. FreePBX Endpoint Manager versions 17.0.2.36 up to, but not including, 17.0.3 contain an operating system command injection vulnerability, which originates in the testconnection -> check_ssh_connect function and may lead to remote access to the system.
Hazard Level
Medium
Vulnerability Type
Operating system command injection
Affected Vendor
FreePBX
Published
2025-11-07
Last Modified
2026-02-24
References
https://github.com/FreePBX/filestore/blob/f0e3983059271efd80b483ec823310ef19a59013/drivers/SSH/testconnection.php#L2
https://github.com/FreePBX/security-reporting/security/advisories/GHSA-vm9p-46mv-5xvw
https://www.freepbx.org/watch-what-we-do-with-security-fixes-%f0%9f%91%80
https://access.redhat.com/security/cve/cve-2025-64328
Patch
https://www.freepbx.org/downloads/