CVE-2014-7235

htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://community.freepbx.org/t/critical-freepbx-rce-vulnerability-all-versions-cve-2014-7235/24536
http://packetstormsecurity.com/files/128516/FreePBX-Authentication-Bypass-Account-Creation.html
http://secunia.com/advisories/61601
http://www.securityfocus.com/bid/70188
https://exchange.xforce.ibmcloud.com/vulnerabilities/96790
https://github.com/FreePBX/fw_ari/commit/f294b4580ce725ca3c5e692d86e63d40cef4d836
https://www.exploit-db.com/exploits/41005/
http://community.freepbx.org/t/critical-freepbx-rce-vulnerability-all-versions-cve-2014-7235/24536
http://packetstormsecurity.com/files/128516/FreePBX-Authentication-Bypass-Account-Creation.html
http://secunia.com/advisories/61601
http://www.securityfocus.com/bid/70188
https://exchange.xforce.ibmcloud.com/vulnerabilities/96790
https://github.com/FreePBX/fw_ari/commit/f294b4580ce725ca3c5e692d86e63d40cef4d836
https://www.exploit-db.com/exploits/41005/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:freepbx:freepbx:2.10.0.0:::::::*
	cpe:2.3:a:freepbx:freepbx:2.10.0.1:::::::*
	cpe:2.3:a:freepbx:freepbx:2.10.0.2:::::::*
	cpe:2.3:a:freepbx:freepbx:2.10.0.3:::::::*
	cpe:2.3:a:freepbx:freepbx:2.10.0.4:::::::*
	cpe:2.3:a:freepbx:freepbx:2.10.0.5:::::::*
	cpe:2.3:a:freepbx:freepbx:2.10.0.6:::::::*
	cpe:2.3:a:freepbx:freepbx:2.10.0.7:::::::*
	cpe:2.3:a:freepbx:freepbx:2.10.0.8:::::::*
	cpe:2.3:a:freepbx:freepbx:2.10.0.9:::::::*
	cpe:2.3:a:freepbx:freepbx:2.10.0.10:::::::*
	cpe:2.3:a:freepbx:freepbx:2.11.1.0:::::::*
	cpe:2.3:a:freepbx:freepbx:2.11.1.1:::::::*
	cpe:2.3:a:freepbx:freepbx:2.11.1.2:::::::*
	cpe:2.3:a:freepbx:freepbx:2.11.1.3:::::::*
	cpe:2.3:a:freepbx:freepbx:2.11.1.4:::::::*
	cpe:2.3:a:sangoma:freepbx::::::::
	cpe:2.3:a:sangoma:freepbx:2.11.0.0:::::::*
	cpe:2.3:a:sangoma:freepbx:2.11.0.1:::::::*
	cpe:2.3:a:sangoma:freepbx:2.11.0.2:::::::*
	cpe:2.3:a:sangoma:freepbx:2.11.0.3:::::::*
	cpe:2.3:a:sangoma:freepbx:2.11.0.4:::::::*

History

21 Nov 2024, 02:16

Type	Values Removed	Values Added
References	~~() http://community.freepbx.org/t/critical-freepbx-rce-vulnerability-all-versions-cve-2014-7235/24536 -~~	() http://community.freepbx.org/t/critical-freepbx-rce-vulnerability-all-versions-cve-2014-7235/24536 -
References	~~() http://packetstormsecurity.com/files/128516/FreePBX-Authentication-Bypass-Account-Creation.html -~~	() http://packetstormsecurity.com/files/128516/FreePBX-Authentication-Bypass-Account-Creation.html -
References	~~() http://secunia.com/advisories/61601 -~~	() http://secunia.com/advisories/61601 -
References	~~() http://www.securityfocus.com/bid/70188 -~~	() http://www.securityfocus.com/bid/70188 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/96790 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/96790 -
References	~~() https://github.com/FreePBX/fw_ari/commit/f294b4580ce725ca3c5e692d86e63d40cef4d836 -~~	() https://github.com/FreePBX/fw_ari/commit/f294b4580ce725ca3c5e692d86e63d40cef4d836 -
References	~~() https://www.exploit-db.com/exploits/41005/ -~~	() https://www.exploit-db.com/exploits/41005/ -

Information

Published : 2014-10-07 14:55

Updated : 2024-11-21 02:16

NVD link : CVE-2014-7235

Mitre link : CVE-2014-7235

CVE.ORG link : CVE-2014-7235

JSON object : View

Products Affected

freepbx

freepbx

sangoma

freepbx

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

10.0 /10