#VU22208 Improper access control in FusionPBX - CVE-2019-16986
Published: October 23, 2019
FusionPBX
Description
The vulnerability allows a remote authenticated attacker to download arbitrary files from the server.
The vulnerability exists because the application builds the path of the file to download from the "f" HTTP parameter of the "/resources/download.php" and "/resources/secure_download.php" scripts without sanitizing it. A remote authenticated user can pass a full filename, or a filename containing directory traversal sequences ("../"), and download any file from the server that the web server process is able to read.
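As an added example, not FusionPBX code and not taken from the linked commits: a hypothetical PHP download handler showing the pattern described above (the "f" parameter used directly as the file path) beside a hardened version that resolves the requested file with realpath() and refuses anything outside a fixed base directory. The base directory, function names and the temporary sample files are assumptions; only the "f" parameter and the traversal technique come from the advisory.

```php
<?php
// Added example, not FusionPBX code. Base directory, function names and the
// sample files below are assumptions; only the "f" parameter is from the advisory.

declare(strict_types=1);

// Vulnerable pattern (hypothetical): the "f" value is served as given, so
// "f=/etc/passwd" or "f=../../../../etc/passwd" reads whatever the web server
// user can read. Kept here only to contrast with the hardened version.
function download_unsafe(string $f): ?string
{
    return is_file($f) ? file_get_contents($f) : null;
}

// Hardened path check: resolve both the base directory and the candidate file
// with realpath(), which collapses "..", "." and symlinks, then require the
// resolved file to sit underneath the resolved base directory.
function resolve_download_path(string $base, string $f): ?string
{
    // NUL bytes can truncate the path in lower layers (PHP 8 path functions
    // throw on them), so reject them before touching the filesystem.
    if (strpos($f, "\0") !== false) {
        return null;
    }
    $baseReal = realpath($base);
    if ($baseReal === false || !is_dir($baseReal)) {
        return null;
    }
    // Strip leading separators so an absolute "f" is still rooted under the
    // base directory; realpath() then resolves any remaining "..".
    $candidate = realpath($baseReal . DIRECTORY_SEPARATOR . ltrim($f, '/\\'));
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    // Compare against the base with a trailing separator so that a sibling
    // such as "/srv/rec-private" is not accepted as inside "/srv/rec".
    $prefix = rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

function download_safe(string $base, string $f): ?string
{
    $path = resolve_download_path($base, $f);
    return $path === null ? null : file_get_contents($path);
}

// Self-check on constructed data: one file inside the base directory and one
// "secret" file just outside it, both in a fresh temporary directory.
function check(bool $cond, string $what): void
{
    if (!$cond) {
        throw new RuntimeException('check failed: ' . $what);
    }
}

$tmp = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'fpbx_' . bin2hex(random_bytes(4));
$base = $tmp . DIRECTORY_SEPARATOR . 'recordings';
mkdir($base, 0700, true);
file_put_contents($base . DIRECTORY_SEPARATOR . 'call.wav', 'RIFF');
file_put_contents($tmp . DIRECTORY_SEPARATOR . 'secret.txt', 'outside');

check(download_safe($base, 'call.wav') === 'RIFF', 'legitimate file is served');
check(download_safe($base, '../secret.txt') === null, 'traversal sequence is refused');
check(download_safe($base, $tmp . '/secret.txt') === null, 'absolute path is refused');
check(download_safe($base, "call.wav\0.txt") === null, 'NUL byte is refused');
check(download_unsafe($tmp . '/secret.txt') === 'outside', 'unsafe handler leaks the file');

// Clean up the constructed files.
unlink($base . DIRECTORY_SEPARATOR . 'call.wav');
unlink($tmp . DIRECTORY_SEPARATOR . 'secret.txt');
rmdir($base);
rmdir($tmp);
echo "all checks passed\n";
```

The important design point is the order of operations: the base directory is canonicalised first, the user-controlled component is appended only after its leading separators are removed, and the comparison happens on the canonical result with a trailing separator. Rejecting the literal string "../" is not enough on its own, since URL-encoded or mixed-separator variants and symlinks inside the base directory would bypass a string filter; realpath() settles what the path actually points at before the decision is made.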
Remediation
External links
- https://github.com/fusionpbx/fusionpbx/commit/9482d9ee0e4287df21339be4276125e38e048951
- https://github.com/fusionpbx/fusionpbx/commit/9c61191049c949e01f99ea1fbab1feb44709e108
- https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-path-traversal-2/
- https://www.fusionpbx.com/app/tickets/ticket_edit.php?id=2e4784b2-721e-4a15-8bef-962a3936aee1