FreePBX < 2.2.1 VoIP Input Validation Vulnerabilities
High Nessus Network Monitor Plugin ID 3831
Synopsis
The remote host is vulnerable to a buffer overflow.
Description
The remote host is running the FreePBX administrative interface. FreePBX is an Asterisk derivative that includes a Voice Over IP (VoIP) server and an administrative web interface. The web interface is used to manage the VoIP services.
This version of FreePBX is vulnerable to flaws in the way that it handles 'CALLERID(name)' and 'CALLERID(num)'. While the details are unknown, it is alleged that an attacker may be able to inject or execute code on the remote system.
Solution
Upgrade to version 2.2.1 or higher.