FreePBX < 2.2.1 VoIP Input Validation Vulnerabilities

High Nessus Network Monitor Plugin ID 3831


The remote host is vulnerable to a buffer overflow.


The remote host is running the FreePBX administrative interface. FreePBX is an Asterisk derivative that includes a Voice Over IP (VoIP) server and an administrative web interface. The web interface is used to manage the VoIP services.

This version of FreePBX is vulnerable to flaws in the way that it handles 'CALLERID(name)' and 'CALLERID(num)'. While the details are unknown, it is alleged that an attacker may be able to inject or execute code on the remote system.


Upgrade to version 2.2.1 or higher.

Plugin Details

Severity: High

ID: 3831

Family: Web Servers

Published: 2006/11/30

Modified: 2016/01/15

Dependencies: 1442

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C


Base Score: 7.3

Temporal Score: 6.4


Temporal Vector: CVSS3#E:U/RL:O/RC:C

Reference Information

CVE: CVE-2006-6244

BID: 21359