Grandstream IP PBX Appliance UCM6204 < 184.108.40.206 RCE
High Nessus Network Monitor Plugin ID 700492
The remote server is running a Grandstream IP PBX Appliance device that is vulnerable to a Remote Code Execution (RCE) attack vector.
The remote host is running a Grandstream UCM6204 IP PBX, firmware version prior to 220.127.116.11, and is therefore affected by a RCE attack vector. An attacker can exploit a blind command injection vulnerability in the "file-backup" parameter of the 'backupUCMConfig' API call allowing the execution of arbitrary code. (CVE-2019-10662) A vulnerability allows remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the '/cgi?' URI. (CVE-2019-10663)
Upgrade to Grandstream UCM6204 IP PBX firmware version 18.104.22.168 or later.