vendor:
FreePBX and VOIP solutions (AsteriskNOW, TrixBox, etc) using it
by:
Wendel G. Henrique
8,8
CVSS
HIGH
Remote Code Execution
78
CWE
Product Name: FreePBX and VOIP solutions (AsteriskNOW, TrixBox, etc) using it
Affected Version From: 2.8.0
Affected Version To: 2.8.0
Patch Exists: YES
Related CWE: CVE-2010-3490
CPE: a:freepbx:freepbx
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: None
2010
Trustwave’s SpiderLabs Security Advisory TWSL2010-005: FreePBX recordings interface allows remote code execution
The configuration interface for FreePBX is prone to a remote arbitrary code execution on the system recordings menu. FreePBX doesn't handle file uploads in a secure manner, allowing an attacker to manipulate the file extension and the beginning of the uploaded file name. When a file is uploaded, a copy is saved temporarily under the /tmp/ directory, where the name of the file is composed by the user number followed by the string 'ivrrecording' and the file extension.
Mitigation:
Ensure that the file uploads are handled securely and that the file extensions are validated.
