CVE-2014-7235
N/A
N/A
Summary
htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://packetstormsecurity.com/files/128516/FreePBX-Authentication-Bypass-Account-Creation.html
- http://secunia.com/advisories/61601
- https://github.com/FreePBX/fw_ari/commit/f294b4580ce725ca3c5e692d86e63d40cef4d836
- http://community.freepbx.org/t/critical-freepbx-rce-vulnerability-all-versions-cve-2014-7235/24536
- https://exchange.xforce.ibmcloud.com/vulnerabilities/96790
- https://www.exploit-db.com/exploits/41005/
- http://www.securityfocus.com/bid/70188
References
- http://packetstormsecurity.com/files/128516/FreePBX-Authentication-Bypass-Account-Creation.html
- http://secunia.com/advisories/61601
- https://github.com/FreePBX/fw_ari/commit/f294b4580ce725ca3c5e692d86e63d40cef4d836
- http://community.freepbx.org/t/critical-freepbx-rce-vulnerability-all-versions-cve-2014-7235/24536
- https://exchange.xforce.ibmcloud.com/vulnerabilities/96790
- https://www.exploit-db.com/exploits/41005/
- http://www.securityfocus.com/bid/70188
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.