Skip to main content

Fusionpbx CVE-2024-24539

MEDIUM
2024-03-18 cve@mitre.org
5.3
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

1
CVE Published
Mar 18, 2024 - 03:15 cve.org
MEDIUM 5.3

DescriptionCVE.org

FusionPBX before 5.2.0 does not validate a session.

AnalysisAI

FusionPBX before 5.2.0 does not validate a session. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

Affected products include: Fusionpbx. Version information: before 5.2.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2019-11409 HIGH POC
8.8 Jun 17

app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerabili

CVE-2021-43405 HIGH POC
8.8 Nov 05

An issue was discovered in FusionPBX before 4.5.30. Rated high severity (CVSS 8.8), this vulnerability is remotely explo

CVE-2019-15029 HIGH POC
8.8 Sep 05

FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service

CVE-2019-19388 MEDIUM POC
6.1 Nov 29

A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote at

CVE-2019-19387 MEDIUM POC
6.1 Nov 29

A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_interactive.php in FusionPBX 4.4.1 allows remote attack

CVE-2019-19386 MEDIUM POC
6.1 Nov 29

A cross-site scripting (XSS) vulnerability in app/voicemail_greetings/voicemail_greeting_edit.php in FusionPBX 4.4.1 all

CVE-2019-19385 MEDIUM POC
6.1 Nov 29

A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote attackers to

CVE-2019-19384 MEDIUM POC
6.1 Nov 29

A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php in FusionPBX 4.4.1 allows remote attackers to inj

CVE-2019-19367 MEDIUM POC
6.1 Nov 27

A cross-site scripting (XSS) vulnerability in app/fax/fax_files.php in FusionPBX 4.4.1 allows remote attackers to inject

CVE-2019-19366 MEDIUM POC
6.1 Nov 27

A cross-site scripting (XSS) vulnerability in app/xml_cdr/xml_cdr_search.php in FusionPBX 4.4.1 allows remote attackers

CVE-2019-11408 MEDIUM POC
6.1 Jun 17

XSS in app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 allows remote unauthenticated at

CVE-2022-35153 CRITICAL
9.8 Aug 18

FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php. Rated critical severi

Share

CVE-2024-24539 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy