Lucene search

MitreCVE-2014-7235

HistoryOct 07, 2014 - 2:55 p.m.

CVE-2014-7235

2014-10-0714:55:09

CWE-94

mitre

web.nvd.nist.gov

125

cve

2014

7235

ari framework

asterisk

freepbx

remote attack

arbitrary code execution

php

unserialize

exploit

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

9.6

Confidence

High

EPSS

0.891

Percentile

98.7%

JSON

htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014.

Affected configurations

Nvd

Node

freepbxfreepbxMatch2.10.0.0

freepbxfreepbxMatch2.10.0.1

freepbxfreepbxMatch2.10.0.2

freepbxfreepbxMatch2.10.0.3

freepbxfreepbxMatch2.10.0.4

freepbxfreepbxMatch2.10.0.5

freepbxfreepbxMatch2.10.0.6

freepbxfreepbxMatch2.10.0.7

freepbxfreepbxMatch2.10.0.8

freepbxfreepbxMatch2.10.0.9

freepbxfreepbxMatch2.10.0.10

freepbxfreepbxMatch2.11.1.0

freepbxfreepbxMatch2.11.1.1

freepbxfreepbxMatch2.11.1.2

freepbxfreepbxMatch2.11.1.3

freepbxfreepbxMatch2.11.1.4

sangomafreepbxRange≤2.9.0.8

sangomafreepbxMatch2.11.0.0

sangomafreepbxMatch2.11.0.1

sangomafreepbxMatch2.11.0.2

sangomafreepbxMatch2.11.0.3

sangomafreepbxMatch2.11.0.4

VendorProductVersionCPE
freepbxfreepbx2.10.0.0cpe:2.3:a:freepbx:freepbx:2.10.0.0:*:*:*:*:*:*:*
freepbxfreepbx2.10.0.1cpe:2.3:a:freepbx:freepbx:2.10.0.1:*:*:*:*:*:*:*
freepbxfreepbx2.10.0.2cpe:2.3:a:freepbx:freepbx:2.10.0.2:*:*:*:*:*:*:*
freepbxfreepbx2.10.0.3cpe:2.3:a:freepbx:freepbx:2.10.0.3:*:*:*:*:*:*:*
freepbxfreepbx2.10.0.4cpe:2.3:a:freepbx:freepbx:2.10.0.4:*:*:*:*:*:*:*
freepbxfreepbx2.10.0.5cpe:2.3:a:freepbx:freepbx:2.10.0.5:*:*:*:*:*:*:*
freepbxfreepbx2.10.0.6cpe:2.3:a:freepbx:freepbx:2.10.0.6:*:*:*:*:*:*:*
freepbxfreepbx2.10.0.7cpe:2.3:a:freepbx:freepbx:2.10.0.7:*:*:*:*:*:*:*
freepbxfreepbx2.10.0.8cpe:2.3:a:freepbx:freepbx:2.10.0.8:*:*:*:*:*:*:*
freepbxfreepbx2.10.0.9cpe:2.3:a:freepbx:freepbx:2.10.0.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
freepbx	freepbx	2.10.0.0	cpe:2.3:a:freepbx:freepbx:2.10.0.0:::::::*
freepbx	freepbx	2.10.0.1	cpe:2.3:a:freepbx:freepbx:2.10.0.1:::::::*
freepbx	freepbx	2.10.0.2	cpe:2.3:a:freepbx:freepbx:2.10.0.2:::::::*
freepbx	freepbx	2.10.0.3	cpe:2.3:a:freepbx:freepbx:2.10.0.3:::::::*
freepbx	freepbx	2.10.0.4	cpe:2.3:a:freepbx:freepbx:2.10.0.4:::::::*
freepbx	freepbx	2.10.0.5	cpe:2.3:a:freepbx:freepbx:2.10.0.5:::::::*
freepbx	freepbx	2.10.0.6	cpe:2.3:a:freepbx:freepbx:2.10.0.6:::::::*
freepbx	freepbx	2.10.0.7	cpe:2.3:a:freepbx:freepbx:2.10.0.7:::::::*
freepbx	freepbx	2.10.0.8	cpe:2.3:a:freepbx:freepbx:2.10.0.8:::::::*
freepbx	freepbx	2.10.0.9	cpe:2.3:a:freepbx:freepbx:2.10.0.9:::::::*