CVE-2021-45461 Information
Jun 07, 2022
cve
Description
FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://community.freepbx.org/t/security-issue-potential-rest-phone-apps-rce/80109
https://wiki.freepbx.org/display/FOP/2021-12-21+SECURITY%3A+Potential+Rest+Phone+Apps+RCE
https://community.freepbx.org/t/0-day-freepbx-exploit/80092
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
9.8
Base Severity
CRITICAL