SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  FreePBX Asterisk Recording Interface Remote Code Execution

Category: VoIP-ATTACKS      

htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth coockie, related to the PHP unserialize function.

References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7235


Relevant Information