CVE-2014-7235

Published: 07/10/2014 Updated: 10/12/2019
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX prior to 2.9.0.9, 2.10.x, and 2.11 prior to 2.11.1.5 allows remote malicious users to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014.

Vulnerable Product

freepbx freepbx 2.10.0.5

freepbx freepbx 2.10.0.6

sangoma freepbx 2.11.0.2

sangoma freepbx 2.11.0.3

freepbx freepbx 2.10.0.1

freepbx freepbx 2.10.0.2

freepbx freepbx 2.10.0.9

freepbx freepbx 2.10.0.10

freepbx freepbx 2.11.1.1

freepbx freepbx 2.11.1.2

sangoma freepbx

freepbx freepbx 2.10.0.0

freepbx freepbx 2.10.0.7

freepbx freepbx 2.10.0.8

sangoma freepbx 2.11.0.4

freepbx freepbx 2.11.1.0

freepbx freepbx 2.10.0.3

freepbx freepbx 2.10.0.4

sangoma freepbx 2.11.0.0

sangoma freepbx 2.11.0.1

freepbx freepbx 2.11.1.3

freepbx freepbx 2.11.1.4

Exploits

Exploit Title: Freepbx cookie recordings injection
Google Dork: Ask Santa
Date: 23/12/2016
Exploit Author: inj3ctor3
Vendor Homepage: www.freepbx.org/
Software Link: ISO LINKS IN SITE www.freepbx.org/
Version: ALL && unpatched/ (Trixbox/freepbx/elastix/pbxinflash/)
Tested on: Centos 6
CVE : CVE-2014-7235
1 Description a ...

FreePBX versions prior to 2.11.1.5 suffer from a code execution vulnerability ...