AI Score: 9.9 (High); Confidence: High
EPSS: 0.015 (Low); Percentile: 86.8%
FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19.
community.freepbx.org/t/0-day-freepbx-exploit/80092
community.freepbx.org/t/security-issue-potential-rest-phone-apps-rce/80109
wiki.freepbx.org/display/FOP/2021-12-21+SECURITY%3A+Potential+Rest+Phone+Apps+RCE