9.8

CVE-2021-45461

Exploit
FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SangomaRestapps Version15.0.19.87
   SangomaFreepbx Version-
   SangomaPbxact Version-
SangomaRestapps Version15.0.19.88
   SangomaFreepbx Version-
   SangomaPbxact Version-
SangomaRestapps Version16.0.18.40
   SangomaFreepbx Version-
   SangomaPbxact Version-
SangomaRestapps Version16.0.18.41
   SangomaFreepbx Version-
   SangomaPbxact Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 21.66% 0.973
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://community.freepbx.org/t/0-day-freepbx-exploit/80092
Vendor Advisory
Exploit
Issue Tracking
https://community.freepbx.org/t/security-issue-potential-rest-phone-apps-rce/80109
Vendor Advisory
https://wiki.freepbx.org/display/FOP/2021-12-21+SECURITY%3A+Potential+Rest+Phone+Apps+RCE
Vendor Advisory