FreePBX up to 3.0.122.42/4.0.18.33/5.0.1beta3 Asterisk Module Request Javascript cross site scripting
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
5.2 | $0-$5k | 0.00 |
A vulnerability, which was classified as critical, was found in FreePBX up to 3.0.122.42/4.0.18.33/5.0.1beta3. Affected is an unknown part of the component Asterisk Module Handler. The manipulation as part of a Request leads to a cross site scripting vulnerability (Javascript). CWE is classifying the issue as CWE-79. The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:
An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name.
The weakness was released 06/20/2019 (Website). The advisory is shared for download at wiki.freepbx.org. This vulnerability is traded as CVE-2018-15891 since 08/26/2018. It is possible to launch the attack remotely. A authentication is necessary for exploitation. Successful exploitation requires user interaction by the victim. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1059.007.
Upgrading to version 3.0.122.43, 4.0.18.34 or 5.0.1beta4 eliminates this vulnerability.
Entry connected to this vulnerability is available at 136777.
Product
Name
Version
- 3.0.122.0
- 3.0.122.1
- 3.0.122.2
- 3.0.122.3
- 3.0.122.4
- 3.0.122.5
- 3.0.122.6
- 3.0.122.7
- 3.0.122.8
- 3.0.122.9
- 3.0.122.10
- 3.0.122.11
- 3.0.122.12
- 3.0.122.13
- 3.0.122.14
- 3.0.122.15
- 3.0.122.16
- 3.0.122.17
- 3.0.122.18
- 3.0.122.19
- 3.0.122.20
- 3.0.122.21
- 3.0.122.22
- 3.0.122.23
- 3.0.122.24
- 3.0.122.25
- 3.0.122.26
- 3.0.122.27
- 3.0.122.28
- 3.0.122.29
- 3.0.122.30
- 3.0.122.31
- 3.0.122.32
- 3.0.122.33
- 3.0.122.34
- 3.0.122.35
- 3.0.122.36
- 3.0.122.37
- 3.0.122.38
- 3.0.122.39
- 3.0.122.40
- 3.0.122.41
- 3.0.122.42
- 4.0.18.0
- 4.0.18.1
- 4.0.18.2
- 4.0.18.3
- 4.0.18.4
- 4.0.18.5
- 4.0.18.6
- 4.0.18.7
- 4.0.18.8
- 4.0.18.9
- 4.0.18.10
- 4.0.18.11
- 4.0.18.12
- 4.0.18.13
- 4.0.18.14
- 4.0.18.15
- 4.0.18.16
- 4.0.18.17
- 4.0.18.18
- 4.0.18.19
- 4.0.18.20
- 4.0.18.21
- 4.0.18.22
- 4.0.18.23
- 4.0.18.24
- 4.0.18.25
- 4.0.18.26
- 4.0.18.27
- 4.0.18.28
- 4.0.18.29
- 4.0.18.30
- 4.0.18.31
- 4.0.18.32
- 4.0.18.33
- 5.0.1beta3
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.4VulDB Meta Temp Score: 5.3
VulDB Base Score: 5.9
VulDB Temp Score: 5.7
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 4.8
NVD Vector: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Name: JavascriptClass: Cross site scripting / Javascript
CWE: CWE-79 / CWE-74 / CWE-707
ATT&CK: T1059.007
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: FreePBX 3.0.122.43/4.0.18.34/5.0.1beta4
Timeline
08/26/2018 🔍06/20/2019 🔍
06/20/2019 🔍
06/26/2020 🔍
Sources
Advisory: wiki.freepbx.orgStatus: Not defined
Confirmation: 🔍
CVE: CVE-2018-15891 (🔍)
See also: 🔍
Entry
Created: 06/20/2019 22:04Updated: 06/26/2020 11:58
Changes: 06/20/2019 22:04 (58), 06/26/2020 11:58 (1)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.