7.2

CVE-2019-11407

EPSS 0.86%
Veröffentlicht 17.06.2019 18:15:10
Zuletzt bearbeitet 21.11.2024 04:21:03
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 suffers from an information disclosure vulnerability due to excessive debug information, which allows authenticated administrative attackers to obtain credentials and other sensitive information.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fusionpbx ≫ Fusionpbx Version4.4.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.86%	0.743

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html

Third Party Advisory

https://github.com/fusionpbx/fusionpbx/commit/f38676b7b63bb1ec3a68d577fe23e6701f482aef

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-11407

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-11407

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-11407

EUVD