CVE-2014-7235

EUVD-2014-7106
htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
Affected Products (NVD)
VendorProductVersion
freepbxfreepbx
2.10.0.0
freepbxfreepbx
2.10.0.1
freepbxfreepbx
2.10.0.2
freepbxfreepbx
2.10.0.3
freepbxfreepbx
2.10.0.4
freepbxfreepbx
2.10.0.5
freepbxfreepbx
2.10.0.6
freepbxfreepbx
2.10.0.7
freepbxfreepbx
2.10.0.8
freepbxfreepbx
2.10.0.9
freepbxfreepbx
2.10.0.10
freepbxfreepbx
2.11.1.0
freepbxfreepbx
2.11.1.1
freepbxfreepbx
2.11.1.2
freepbxfreepbx
2.11.1.3
freepbxfreepbx
2.11.1.4
sangomafreepbx
𝑥
≤ 2.9.0.8
sangomafreepbx
2.11.0.0
sangomafreepbx
2.11.0.1
sangomafreepbx
2.11.0.2
sangomafreepbx
2.11.0.3
sangomafreepbx
2.11.0.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://community.freepbx.org/t/critical-freepbx-rce-vulnerability-all-versions-cve-2014-7235/24536
http://packetstormsecurity.com/files/128516/FreePBX-Authentication-Bypass-Account-Creation.html
http://secunia.com/advisories/61601
http://www.securityfocus.com/bid/70188
https://exchange.xforce.ibmcloud.com/vulnerabilities/96790
https://github.com/FreePBX/fw_ari/commit/f294b4580ce725ca3c5e692d86e63d40cef4d836
https://www.exploit-db.com/exploits/41005/
http://community.freepbx.org/t/critical-freepbx-rce-vulnerability-all-versions-cve-2014-7235/24536
http://packetstormsecurity.com/files/128516/FreePBX-Authentication-Bypass-Account-Creation.html
http://secunia.com/advisories/61601
http://www.securityfocus.com/bid/70188
https://exchange.xforce.ibmcloud.com/vulnerabilities/96790
https://github.com/FreePBX/fw_ari/commit/f294b4580ce725ca3c5e692d86e63d40cef4d836
https://www.exploit-db.com/exploits/41005/