FreePBX < 2.2.1 VoIP Input Validation Vulnerabilities

High Nessus Network Monitor Plugin ID 3831

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

The remote host is running the FreePBX administrative interface. FreePBX is an Asterisk derivative that includes a Voice over IP (VoIP) server and an administrative web interface, which is used to manage the VoIP services.

This version of FreePBX is vulnerable to flaws in the way that it handles 'CALLERID(name)' and 'CALLERID(num)'. While the details are unknown, it is alleged that an attacker may be able to inject or execute code on the remote system.

Solution

Upgrade to version 2.2.1 or higher.

Plugin Details

Severity: High

ID: 3831

Family: Web Servers

Published: 2006/11/30

Modified: 2016/01/15

Dependencies: 1442

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Reference Information

CVE: CVE-2006-6244

BID: 21359