CVE-2020-7351

Summary

An OS Command Injection vulnerability in the endpoint_devicemap.php component of Fonality Trixbox Community Edition allows an attacker to execute commands on the underlying operating system as the "asterisk" user. Note that Trixbox Community Edition has been unsupported by the vendor since 2012. This issue affects: Fonality Trixbox Community Edition, versions 1.2.0 through 2.8.0.4. Versions 1.0 and 1.1 are unaffected.

Affected Software

VendorProductVersion RangeStatus
FonalityTrixbox Community Edition1.0unaffected
FonalityTrixbox Community Edition1.1unaffected
FonalityTrixbox Community Edition2.8.0.4 <= 2.8.0.4affected

Weaknesses

  • CWE-78: CWE-78 OS Command Injection

ADP Enrichment

CVE Program Container

Additional References

References