CVE-2019-19538

EUVD-2019-9156
In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 through 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
Affected Products (NVD)
VendorProductVersion
sangomafreepbx
𝑥
< 13.0.92
sangomafreepbx
14.0.0.0 ≤
𝑥
< 14.0.38.3
sangomafreepbx
15.0.0.0 ≤
𝑥
< 15.0.13.6
𝑥
= Vulnerable software versions
References
https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-00
https://wiki.freepbx.org/display/FOP/2019-12-03+Remote+Command+Execution
https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-00
https://wiki.freepbx.org/display/FOP/2019-12-03+Remote+Command+Execution