cnvd - cnvd-2019-40060

cnvd-2019-40060

Vulnerability from cnvd

Title: FusionPBX Operator Panel模块跨站脚本漏洞（CNVD-2019-40060）

Description:

FusionPBX是一套可扩展、多线程的通信平台。该平台可作为呼叫中心服务器、传真服务器、voip服务器、语音邮件服务器、会议服务器和语音应用服务器等。Operator Panel module是其中的一个操作面板模块。该平台可作为呼叫中心服务器、传真服务器、voip服务器、语音邮件服务器、会议服务器和语音应用服务器等。

FusionPBX 4.4.3版本中的Operator Panel模块的app/operator_panel/exec.php文件存在跨站脚本漏洞，该漏洞源于程序缺少输入验证检测。攻击者可利用该漏洞执行代码或命令。

Severity: 中

Formal description:

目前厂商未提供修复方案，请关注厂商主页： https://www.fusionpbx.com/

Reference: https://packetstormsecurity.com/files/153256/FusionPBX-4.4.3-Remote-Command-Execution.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11408

Impacted products

Name
FusionPBX FusionPBX 4.4.3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-11409"
    }
  },
  "description": "FusionPBX\u662f\u4e00\u5957\u53ef\u6269\u5c55\u3001\u591a\u7ebf\u7a0b\u7684\u901a\u4fe1\u5e73\u53f0\u3002 \u8be5\u5e73\u53f0\u53ef\u4f5c\u4e3a\u547c\u53eb\u4e2d\u5fc3\u670d\u52a1\u5668\u3001\u4f20\u771f\u670d\u52a1\u5668\u3001voip\u670d\u52a1\u5668\u3001\u8bed\u97f3\u90ae\u4ef6\u670d\u52a1\u5668\u3001\u4f1a\u8bae\u670d\u52a1\u5668\u548c\u8bed\u97f3\u5e94\u7528\u670d\u52a1\u5668\u7b49\u3002Operator Panel module\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u64cd\u4f5c\u9762\u677f\u6a21\u5757\u3002\u8be5\u5e73\u53f0\u53ef\u4f5c\u4e3a\u547c\u53eb\u4e2d\u5fc3\u670d\u52a1\u5668\u3001\u4f20\u771f\u670d\u52a1\u5668\u3001voip\u670d\u52a1\u5668\u3001\u8bed\u97f3\u90ae\u4ef6\u670d\u52a1\u5668\u3001\u4f1a\u8bae\u670d\u52a1\u5668\u548c\u8bed\u97f3\u5e94\u7528\u670d\u52a1\u5668\u7b49\u3002\n\nFusionPBX 4.4.3\u7248\u672c\u4e2d\u7684Operator Panel\u6a21\u5757\u7684app/operator_panel/exec.php\u6587\u4ef6\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u7f3a\u5c11\u8f93\u5165\u9a8c\u8bc1\u68c0\u6d4b\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4ee3\u7801\u6216\u547d\u4ee4\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u672a\u63d0\u4f9b\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.fusionpbx.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-40060",
  "openTime": "2019-11-11",
  "products": {
    "product": "FusionPBX FusionPBX 4.4.3"
  },
  "referenceLink": "https://packetstormsecurity.com/files/153256/FusionPBX-4.4.3-Remote-Command-Execution.html \r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11408",
  "serverity": "\u4e2d",
  "submitTime": "2019-06-13",
  "title": "FusionPBX Operator Panel\u6a21\u5757\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2019-40060\uff09"
}

CVE-2019-11409 (GCVE-0-2019-11409)

Vulnerability from cvelistv5

Published

2019-06-17 18:02

Modified

2024-08-04 22:55

Severity ?

CWE

Summary

app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. This can further lead to remote code execution when combined with an XSS vulnerability also present in the FusionPBX Operator Panel module.

References

▼	URL	Tags
	https://github.com/fusionpbx/fusionpbx/commit/e43ca27ba2d9c0109a6bf198fe2f8d79f63e0611	x_refsource_MISC
	http://packetstormsecurity.com/files/153256/FusionPBX-4.4.3-Remote-Command-Execution.html	x_refsource_MISC
	https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html	x_refsource_MISC
	http://packetstormsecurity.com/files/155344/FusionPBX-Operator-Panel-exec.php-Command-Execution.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:55:40.800Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/fusionpbx/fusionpbx/commit/e43ca27ba2d9c0109a6bf198fe2f8d79f63e0611"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/153256/FusionPBX-4.4.3-Remote-Command-Execution.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/155344/FusionPBX-Operator-Panel-exec.php-Command-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-06-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. This can further lead to remote code execution when combined with an XSS vulnerability also present in the FusionPBX Operator Panel module."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-14T17:06:47",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/fusionpbx/fusionpbx/commit/e43ca27ba2d9c0109a6bf198fe2f8d79f63e0611"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/153256/FusionPBX-4.4.3-Remote-Command-Execution.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/155344/FusionPBX-Operator-Panel-exec.php-Command-Execution.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-11409",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. This can further lead to remote code execution when combined with an XSS vulnerability also present in the FusionPBX Operator Panel module."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/fusionpbx/fusionpbx/commit/e43ca27ba2d9c0109a6bf198fe2f8d79f63e0611",
              "refsource": "MISC",
              "url": "https://github.com/fusionpbx/fusionpbx/commit/e43ca27ba2d9c0109a6bf198fe2f8d79f63e0611"
            },
            {
              "name": "http://packetstormsecurity.com/files/153256/FusionPBX-4.4.3-Remote-Command-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/153256/FusionPBX-4.4.3-Remote-Command-Execution.html"
            },
            {
              "name": "https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html",
              "refsource": "MISC",
              "url": "https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/155344/FusionPBX-Operator-Panel-exec.php-Command-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/155344/FusionPBX-Operator-Panel-exec.php-Command-Execution.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-11409",
    "datePublished": "2019-06-17T18:02:23",
    "dateReserved": "2019-04-21T00:00:00",
    "dateUpdated": "2024-08-04T22:55:40.800Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted