Condorlab

Asterisk – FreePBX ARI Framework allow code execution


Advisory ID
RSN-NS-0014


Vulnerability Information

 

 

FreePBX could allow a remote attacker to execute arbitrary code on the system, caused by an error in the legacy FreePBX ARI Framework module/Asterisk Recording Interface (ARI). An attacker could exploit this vulnerability to bypass the authentication process and execute arbitrary code on the system with administrative privileges.


Release Date

2014-10-07


Solutions

 

 

The UCTM solution from RedShift Networks provides the industry’s first complete security solution developed to secure VOIP networks, endpoints and applications. His research team Condor-Labs.com is constantly looking for new attack patterns, advanced penetration testing methods, vulnerability identification and deployment of new signatures for constantly subscribed clients. For more information visit www.redshiftnetworks.com


External Resources

 

 

Common Vulnerabilities and Exposures (CVE)

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7235