Main Vulnerability Database Exploits ID:906 - Exploit for Code injection in FreePBX - CVE-2014-7235

ID:906 - Exploit for Code injection in FreePBX - CVE-2014-7235

Published: March 18, 2020

Vulnerability identifier: #VU5362

Vulnerability risk: Critical

CVE-ID: CVE-2014-7235

CWE-ID: CWE-94

Exploitation vector: Remote access

Vulnerable software:
FreePBX

Link to public exploit:

https://www.exploit-db.com/exploits/41005/

Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to an error in the legacy FreePBX ARI Framework module/Asterisk Recording Interface (ARI). A remote attacker can bypass the authentication process and execute arbitrary code with administrative privileges.

Successful exploitation results in arbitrary code execution on the vulnerable system.

Note: this vulnerability was being actively exploited.

Remediation

Update to version 2.12.0.5 or later.

ID:906 - Exploit for Code injection in FreePBX - CVE-2014-7235

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human