FreePBX Security Vulnerability


Warning: Use of undefined constant url - assumed 'url' (this will throw an Error in a future version of PHP) in /nfs/c01/h06/mnt/303/domains/robinsonassc.com/html/blg/wp-content/themes/reach/format-standard.php on line 17

Warning: Use of undefined constant width - assumed 'width' (this will throw an Error in a future version of PHP) in /nfs/c01/h06/mnt/303/domains/robinsonassc.com/html/blg/wp-content/themes/reach/format-standard.php on line 17

Warning: Use of undefined constant height - assumed 'height' (this will throw an Error in a future version of PHP) in /nfs/c01/h06/mnt/303/domains/robinsonassc.com/html/blg/wp-content/themes/reach/format-standard.php on line 17

A recent vulnerability has surfaced with FreePBX version 2.10 and lower. The callme_startcall function in recordings/misc/callme_page.php in FreePBX allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action.

Affected Systems

FreePBX v2.10 and Lower
Elastix v2.4

Recommended Steps

Disable Wan access to web portal of Freepbx/Elastix

For More Information visit http://www.cvedetails.com/cve/CVE-2012-4869/

0 Comments

Be the first to post a comment.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.