CVE-2024-47071
6.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Summary
OSS Endpoint Manager is an endpoint manager module for FreePBX. OSS Endpoint Manager module activation can allow authenticated web users unauthorized access to read system files with the permissions of the webserver process. This vulnerability is fixed in 14.0.4.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| FreePBX | endpointman | < 14.0.4 | affected |
Weaknesses
- CWE-22: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
- https://github.com/FreePBX/security-reporting/security/advisories/GHSA-x9wc-qjrc-j7ww
- https://github.com/FreePBX-ContributedModules/endpointman/commit/bad70ca3de2166bbd24f273f7f212a8b2c92a719
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.