CVE-2014-7235
CVE-2014-7235
htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014.
Productos afectados
n/a · n/aPoCs públicas encontradas — 3
cve_referencepacketstormsecurity.com/files/128516/FreePBX-Authentication-Bypass-Account-Creation.htmlno verificadocve_referencewww.exploit-db.com/exploits/41005/no verificadoexploitdbwww.exploit-db.com/exploits/41005no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://community.freepbx.org/t/critical-freepbx-rce-vulnerability-all-versions-cve-2014-7235/24536http://packetstormsecurity.com/files/128516/FreePBX-Authentication-Bypass-Account-Creation.htmlhttp://secunia.com/advisories/61601https://exchange.xforce.ibmcloud.com/vulnerabilities/96790https://github.com/FreePBX/fw_ari/commit/f294b4580ce725ca3c5e692d86e63d40cef4d836https://www.exploit-db.com/exploits/41005/http://www.securityfocus.com/bid/70188