Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

FreePBX < 2.2.1 VoIP Input Validation Vulnerabilities

High

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

The remote host is running the FreePBX administrative interface. FreePBX is an Asterisk derivative that includes a Voice Over IP (VoIP) server and an administrative web interface. The web interface is used to manage the VoIP services.

This version of FreePBX is vulnerable to flaws in the way that it handles 'CALLERID(name)' and 'CALLERID(num)'. While the details are unknown, it is alleged that an attacker will be able to possibly inject or execute code on the remote system.

Solution

Upgrade to version 2.2.1 or higher.