CVE-2014-7235
Published Oct 7, 2014
Last updated 5 years ago
Overview
- Description
- htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-94
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freepbx:freepbx:2.10.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6317E737-4318-4986-AC41-9F69BEEE57C1"
},
{
"criteria": "cpe:2.3:a:freepbx:freepbx:2.10.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A5B24685-54DE-4F76-AC05-3CA32A63E34D"
},
{
"criteria": "cpe:2.3:a:freepbx:freepbx:2.10.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "182B7950-427E-4F48-968D-125DC480F00F"
},
{
"criteria": "cpe:2.3:a:freepbx:freepbx:2.10.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4126EAD1-F307-4252-B951-AF6BA8AB50AF"
},
{
"criteria": "cpe:2.3:a:freepbx:freepbx:2.10.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "38BD066D-9777-4D58-B283-38C35BD97171"
},
{
"criteria": "cpe:2.3:a:freepbx:freepbx:2.10.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7035B567-4728-4E8C-B27C-5C37445C89C8"
},
{
"criteria": "cpe:2.3:a:freepbx:freepbx:2.10.0.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A591ECCE-6DBC-45BE-908F-BC5D8D817DDA"
},
{
"criteria": "cpe:2.3:a:freepbx:freepbx:2.10.0.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A284DA73-FD42-4C79-A4B7-3A1848F3883B"
},
{
"criteria": "cpe:2.3:a:freepbx:freepbx:2.10.0.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F04952AA-A9F1-4C2F-A19A-5DF5D4CB27AD"
},
{
"criteria": "cpe:2.3:a:freepbx:freepbx:2.10.0.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA512E0C-5E77-4D67-8E49-D6F5B7DCE87F"
},
{
"criteria": "cpe:2.3:a:freepbx:freepbx:2.10.0.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9F29B0F2-C3A3-401C-A8D1-842E1D660BCF"
},
{
"criteria": "cpe:2.3:a:freepbx:freepbx:2.11.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "61D4517F-EDED-49C3-B0E7-72703D49D78E"
},
{
"criteria": "cpe:2.3:a:freepbx:freepbx:2.11.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "787A42CA-870B-4595-8234-93C6E3D68A51"
},
{
"criteria": "cpe:2.3:a:freepbx:freepbx:2.11.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "697C8EA2-5E93-46A8-B604-49DDCEA8B0D9"
},
{
"criteria": "cpe:2.3:a:freepbx:freepbx:2.11.1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A082A340-769A-4925-AA29-4334B4940F10"
},
{
"criteria": "cpe:2.3:a:freepbx:freepbx:2.11.1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "04B6860F-F3D1-42E4-908D-789E26F00640"
},
{
"criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "575E3DA5-B8DE-47CC-A322-50EE531A5365",
"versionEndIncluding": "2.9.0.8"
},
{
"criteria": "cpe:2.3:a:sangoma:freepbx:2.11.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "90B28D54-5FBD-403C-BA01-3D2CF2F8D8FB"
},
{
"criteria": "cpe:2.3:a:sangoma:freepbx:2.11.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "37704860-CB88-4182-9928-35A2CCDDA0D0"
},
{
"criteria": "cpe:2.3:a:sangoma:freepbx:2.11.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "30DB72FB-2D60-4C78-B2E3-A54857FA382E"
},
{
"criteria": "cpe:2.3:a:sangoma:freepbx:2.11.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A36B78CA-1130-4045-99C3-339132F4ED66"
},
{
"criteria": "cpe:2.3:a:sangoma:freepbx:2.11.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0675B567-E2FB-4870-BD42-5CB97DA1B9E9"
}
],
"operator": "OR"
}
]
}
]