Threat Encyclopedia

FreePBX.Remote.Admin.Authentication.Bypass

Description

This indicates an attack attempt to exploit an Authentication Bypass Vulnerability in FreePBX.
A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the vulnerable application. Successful exploitation could lead to the execution of privileged commands on the target server.

Affected Products

FreePBX prior to 15.0.16.26
FreePBX prior to 14.0.13.11
FreePBX prior to 13.0.197.13

Impact

Privilege Escalation: Remote attackers can escalate their privileges on vulnerable systems.

Recommended Actions

Apply the latest update from the vendor.
https://wiki.freepbx.org/display/FOP/2019-11-20+Remote+Admin+Authentication+Bypass

CVE References

CVE-2019-19006