Design/Logic Flaw

2020-03-1621:15:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.4%

JSON

In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 through 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation.

CPENameOperatorVersion
freepbxlt13.0.92
freepbxge14.0.0.0
freepbxlt14.0.38.3
freepbxge15.0.0.0
freepbxlt15.0.13.6

Name	Operator	Version
freepbx	lt	13.0.92
freepbx	ge	14.0.0.0
freepbx	lt	14.0.38.3
freepbx	ge	15.0.0.0
freepbx	lt	15.0.13.6

References

community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-00

wiki.freepbx.org/display/FOP/2019-12-03+Remote+Command+Execution