10 - CVE-2014-7235

Executive Summary

Informations
Name	CVE-2014-7235	First vendor Publication	2014-10-07
Vendor	Cve	Last vendor Modification	2019-12-10

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7235

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-94	Failure to Control Generation of Code ('Code Injection')

CPE : Common Platform Enumeration

Type	Description	Count
Application	Freepbx cpe:2.3:a:freepbx:freepbx:2.11.1.4:::::::* cpe:2.3:a:freepbx:freepbx:2.11.1.3:::::::* cpe:2.3:a:freepbx:freepbx:2.11.1.2:::::::* cpe:2.3:a:freepbx:freepbx:2.11.1.1:::::::* cpe:2.3:a:freepbx:freepbx:2.11.1.0:::::::* cpe:2.3:a:freepbx:freepbx:2.10.0.9:::::::* cpe:2.3:a:freepbx:freepbx:2.10.0.8:::::::* cpe:2.3:a:freepbx:freepbx:2.10.0.7:::::::* cpe:2.3:a:freepbx:freepbx:2.10.0.6:::::::* cpe:2.3:a:freepbx:freepbx:2.10.0.5:::::::* cpe:2.3:a:freepbx:freepbx:2.10.0.4:::::::* cpe:2.3:a:freepbx:freepbx:2.10.0.3:::::::* cpe:2.3:a:freepbx:freepbx:2.10.0.2:::::::* cpe:2.3:a:freepbx:freepbx:2.10.0.10:::::::* cpe:2.3:a:freepbx:freepbx:2.10.0.1:::::::* cpe:2.3:a:freepbx:freepbx:2.10.0.0:::::::*	16
Application	Sangoma Freepbx cpe:2.3:a:sangoma:freepbx:2.9:::::::* cpe:2.3:a:sangoma:freepbx:2.5.0:::::::* cpe:2.3:a:sangoma:freepbx:2.4.0:::::::* cpe:2.3:a:sangoma:freepbx:2.11.0.4:::::::* cpe:2.3:a:sangoma:freepbx:2.11.0.3:::::::* cpe:2.3:a:sangoma:freepbx:2.11.0.2:::::::* cpe:2.3:a:sangoma:freepbx:2.11.0.1:::::::* cpe:2.3:a:sangoma:freepbx:2.11.0.0:::::::* cpe:2.3:a:sangoma:freepbx::::::::	9

Snort® IPS/IDS

Date	Description
2015-01-13	FreePBX Framework Asterisk recording interface PHP unserialize code execution... RuleID : 32753 - Revision : 5 - Type : SERVER-WEBAPP

Nessus® Vulnerability Scanner

Date	Description
2015-02-05	Name : The remote web server hosts a PHP application that is affected by an authenti... File : freepbx_recordings_auth_bypass.nasl - Type : ACT_ATTACK

Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/70188
CONFIRM	http://community.freepbx.org/t/critical-freepbx-rce-vulnerability-all-version... https://github.com/FreePBX/fw_ari/commit/f294b4580ce725ca3c5e692d86e63d40cef4...
EXPLOIT-DB	https://www.exploit-db.com/exploits/41005/
MISC	http://packetstormsecurity.com/files/128516/FreePBX-Authentication-Bypass-Acc...
SECUNIA	http://secunia.com/advisories/61601
XF	https://exchange.xforce.ibmcloud.com/vulnerabilities/96790

Alert History

If you want to see full details history, please login or register.

Date	Informations
2021-05-05 01:15:58	Multiple Updates
2021-05-04 12:33:55	Multiple Updates
2021-04-22 01:41:03	Multiple Updates
2020-05-23 01:53:12	Multiple Updates
2020-05-23 00:42:16	Multiple Updates
2017-09-08 09:23:09	Multiple Updates
2017-09-02 09:23:25	Multiple Updates
2017-04-29 09:24:22	Multiple Updates
2016-04-27 01:12:41	Multiple Updates
2015-02-06 13:24:26	Multiple Updates
2015-01-13 21:24:06	Multiple Updates
2014-10-08 21:23:57	Multiple Updates
2014-10-07 21:29:01	First insertion

Type	Count
CWE ID(s)	1
CPE ID(s)	25
Sources(s)	7
Snort® Rule(s)	1
Nessus® Exploit(s)	1

10 - CVE-2014-7235

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU