Vulnerability identifier: #VU22288
Vulnerability risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-200
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
FusionPBX
Server applications /
SCADA systems
Vendor: FusionPBX
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists in the "app/operator_panel/index_inc.php" file in the Operator Panel due to the debug parameter dumps the contents of several arrays, most notably the $_SESSION array. A remote authenticated administrator can gain unauthorized access to sensitive information on the system, such as the password for the FreeSWITCH event socket interface.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
FusionPBX: Master
External links
http://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html
http://github.com/fusionpbx/fusionpbx/commit/f38676b7b63bb1ec3a68d577fe23e6701f482aef
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.