← voltar
CVE-2014-7235

CVE-2014-7235

EPSS 43.0%
htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014.
Produtos afetados
n/a · n/a
PoCs públicas encontradas3
cve_referencepacketstormsecurity.com/files/128516/FreePBX-Authentication-Bypass-Account-Creation.htmlnão verificadocve_referencewww.exploit-db.com/exploits/41005/não verificadoexploitdbwww.exploit-db.com/exploits/41005não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://community.freepbx.org/t/critical-freepbx-rce-vulnerability-all-versions-cve-2014-7235/24536http://packetstormsecurity.com/files/128516/FreePBX-Authentication-Bypass-Account-Creation.htmlhttp://secunia.com/advisories/61601https://exchange.xforce.ibmcloud.com/vulnerabilities/96790https://github.com/FreePBX/fw_ari/commit/f294b4580ce725ca3c5e692d86e63d40cef4d836https://www.exploit-db.com/exploits/41005/http://www.securityfocus.com/bid/70188