CVE-2018-19911

FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute arbitrary commands via the api/system or txtapi/system (or api/bg_system or txtapi/bg_system) query string on TCP port 8080, as demonstrated by an api/system?calc URI. This can also be exploited via CSRF. Alternatively, the default password of works for the freeswitch account can sometimes be used.
Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
VendorProductVersion
freeswitchfreeswitch
𝑥
≤ 1.8.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/iSafeBlue/freeswitch_rce/blob/master/README-en.md
https://github.com/iSafeBlue/freeswitch_rce/blob/master/freeswitch_rce.py
https://github.com/iSafeBlue/freeswitch_rce/blob/master/README-en.md
https://github.com/iSafeBlue/freeswitch_rce/blob/master/freeswitch_rce.py