CVE-2021-45461
Summary
| CVE | CVE-2021-45461 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-12-22 19:15:00 UTC |
| Updated | 2022-01-05 17:39:00 UTC |
| Description | FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Sangoma | FreePBX | - | All | All | All |
| Application | Sangoma | PBXact | - | All | All | All |
| Application | Sangoma | Restapps | 15.0.19.87 | All | All | All |
| Application | Sangoma | Restapps | 15.0.19.88 | All | All | All |
| Application | Sangoma | Restapps | 16.0.18.40 | All | All | All |
| Application | Sangoma | Restapps | 16.0.18.41 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SECURITY ISSUE - Potential Rest Phone Apps RCE - Security - FreePBX Community Forums | CONFIRM | community.freepbx.org | |
| 0 Day FreePBX Exploit? - Security - FreePBX Community Forums | MISC | community.freepbx.org | |
| 2021-12-21 SECURITY: Potential Rest Phone Apps RCE - FreePBX OpenSource Project - Documentation | CONFIRM | wiki.freepbx.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.