CVE-2019-11409

app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. This can further lead to remote code execution when combined with an XSS vulnerability also present in the FusionPBX Operator Panel module.

CVSS v3 8.8 HIGH
CVSS v2.0 6.5 MEDIUM

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://packetstormsecurity.com/files/153256/FusionPBX-4.4.3-Remote-Command-Execution.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/155344/FusionPBX-Operator-Panel-exec.php-Command-Execution.html	Exploit Third Party Advisory VDB Entry
https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html	Exploit Third Party Advisory
https://github.com/fusionpbx/fusionpbx/commit/e43ca27ba2d9c0109a6bf198fe2f8d79f63e0611	Patch Third Party Advisory
http://packetstormsecurity.com/files/153256/FusionPBX-4.4.3-Remote-Command-Execution.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/155344/FusionPBX-Operator-Panel-exec.php-Command-Execution.html	Exploit Third Party Advisory VDB Entry
https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html	Exploit Third Party Advisory
https://github.com/fusionpbx/fusionpbx/commit/e43ca27ba2d9c0109a6bf198fe2f8d79f63e0611	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:fusionpbx:fusionpbx:4.4.3:*:*:*:*:*:*:*

History

21 Nov 2024, 04:21

Type	Values Removed	Values Added
References	~~() http://packetstormsecurity.com/files/153256/FusionPBX-4.4.3-Remote-Command-Execution.html - Exploit, Third Party Advisory, VDB Entry~~	() http://packetstormsecurity.com/files/153256/FusionPBX-4.4.3-Remote-Command-Execution.html - Exploit, Third Party Advisory, VDB Entry
References	~~() http://packetstormsecurity.com/files/155344/FusionPBX-Operator-Panel-exec.php-Command-Execution.html - Exploit, Third Party Advisory, VDB Entry~~	() http://packetstormsecurity.com/files/155344/FusionPBX-Operator-Panel-exec.php-Command-Execution.html - Exploit, Third Party Advisory, VDB Entry
References	~~() https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html - Exploit, Third Party Advisory~~	() https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html - Exploit, Third Party Advisory
References	~~() https://github.com/fusionpbx/fusionpbx/commit/e43ca27ba2d9c0109a6bf198fe2f8d79f63e0611 - Patch, Third Party Advisory~~	() https://github.com/fusionpbx/fusionpbx/commit/e43ca27ba2d9c0109a6bf198fe2f8d79f63e0611 - Patch, Third Party Advisory

18 Apr 2022, 17:16

Type	Values Removed	Values Added
References	~~(MISC) http://packetstormsecurity.com/files/155344/FusionPBX-Operator-Panel-exec.php-Command-Execution.html -~~	(MISC) http://packetstormsecurity.com/files/155344/FusionPBX-Operator-Panel-exec.php-Command-Execution.html - Exploit, Third Party Advisory, VDB Entry
CWE	~~CWE-79~~	CWE-78

Information

Published : 2019-06-17 19:15

Updated : 2024-11-21 04:21

NVD link : CVE-2019-11409

Mitre link : CVE-2019-11409

CVE.ORG link : CVE-2019-11409

JSON object : View

Products Affected

fusionpbx

fusionpbx

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2019-11409", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2019-06-17T19:15:11.327", "references": [{"url": "http://packetstormsecurity.com/files/153256/FusionPBX-4.4.3-Remote-Command-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/155344/FusionPBX-Operator-Panel-exec.php-Command-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/fusionpbx/fusionpbx/commit/e43ca27ba2d9c0109a6bf198fe2f8d79f63e0611", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/153256/FusionPBX-4.4.3-Remote-Command-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://packetstormsecurity.com/files/155344/FusionPBX-Operator-Panel-exec.php-Command-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/fusionpbx/fusionpbx/commit/e43ca27ba2d9c0109a6bf198fe2f8d79f63e0611", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. This can further lead to remote code execution when combined with an XSS vulnerability also present in the FusionPBX Operator Panel module."}, {"lang": "es", "value": "app / operator_panel / exec.php en el m\u00f3dulo del panel del operador en FreePBX 4.4.3 sufre una vulnerabilidad de inyecci\u00f3n de comandos debido a la falta de validaci\u00f3n de entrada que permite a los atacantes no administrativos autenticados ejecutar comandos en el host. Esto puede llevar adem\u00e1s a la ejecuci\u00f3n remota de c\u00f3digo cuando se combina con una vulnerabilidad XSS tambi\u00e9n presente en el m\u00f3dulo del Panel del operador de FusionPBX"}], "lastModified": "2024-11-21T04:21:03.357", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fusionpbx:fusionpbx:4.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED771627-B19B-4F2E-8366-2D98F13BF022"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

8.8 /10