Vulnerability Details : CVE-2019-11409
Public exploit exists!
app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. This can further lead to remote code execution when combined with an XSS vulnerability also present in the FusionPBX Operator Panel module.
Vulnerability category: Cross site scripting (XSS); Execute code
Products affected by CVE-2019-11409
- cpe:2.3:a:fusionpbx:fusionpbx:4.4.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-11409
95.80%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2019-11409
- FusionPBX Operator Panel exec.php Command Execution
  Disclosure Date: 2019-06-06
  First seen: 2020-04-26
  Module: exploit/unix/webapp/fusionpbx_operator_panel_exec_cmd_exec
  This module exploits an authenticated command injection vulnerability in FusionPBX versions 4.4.3 and prior. The `exec.php` file within the Operator Panel permits users with `operator_panel_view` permissions, or administrator permissions, to execute arbitrar
CVSS scores for CVE-2019-11409
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2019-11409
- The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-11409
- http://packetstormsecurity.com/files/155344/FusionPBX-Operator-Panel-exec.php-Command-Execution.html
  FusionPBX Operator Panel exec.php Command Execution (Packet Storm). Tags: Exploit; Third Party Advisory; VDB Entry
- https://github.com/fusionpbx/fusionpbx/commit/e43ca27ba2d9c0109a6bf198fe2f8d79f63e0611
  Update exec.php, fusionpbx/fusionpbx@e43ca27 (GitHub). Tags: Patch; Third Party Advisory
- https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html
  GDS Blog: RCE Using Caller ID, Multiple Vulnerabilities in FusionPBX. Tags: Exploit; Third Party Advisory
- http://packetstormsecurity.com/files/153256/FusionPBX-4.4.3-Remote-Command-Execution.html
  FusionPBX 4.4.3 Remote Command Execution (Packet Storm). Tags: Exploit; Third Party Advisory; VDB Entry