CVE-2019-11408 - OpenCVE

XSS in app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 allows remote unauthenticated attackers to inject arbitrary JavaScript characters by placing a phone call using a specially crafted caller ID number. This can further lead to remote code execution by chaining this vulnerability with a command injection vulnerability also present in FusionPBX.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fusionpbx	Fusionpbx

Configuration 1 [-]

cpe:2.3:a:fusionpbx:fusionpbx:4.4.3:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/153256/FusionPBX-4.4.3-Remote-Command-Execution.html
https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html
https://github.com/fusionpbx/fusionpbx/commit/391a23d070f3036d0c7760992f6970b0a76ee4d7

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-06-17T17:59:30

Updated: 2024-08-04T22:55:40.795Z

Reserved: 2019-04-21T00:00:00

Link: CVE-2019-11408

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-06-17T18:15:10.797

Modified: 2019-06-18T16:35:42.773

Link: CVE-2019-11408

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-06-06T00:00:00", "descriptions": [{"lang": "en", "value": "XSS in app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 allows remote unauthenticated attackers to inject arbitrary JavaScript characters by placing a phone call using a specially crafted caller ID number. This can further lead to remote code execution by chaining this vulnerability with a command injection vulnerability also present in FusionPBX."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-06-17T18:00:35", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/fusionpbx/fusionpbx/commit/391a23d070f3036d0c7760992f6970b0a76ee4d7"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/153256/FusionPBX-4.4.3-Remote-Command-Execution.html"}, {"tags": ["x_refsource_MISC"], "url": "https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-11408", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "XSS in app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 allows remote unauthenticated attackers to inject arbitrary JavaScript characters by placing a phone call using a specially crafted caller ID number. This can further lead to remote code execution by chaining this vulnerability with a command injection vulnerability also present in FusionPBX."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/fusionpbx/fusionpbx/commit/391a23d070f3036d0c7760992f6970b0a76ee4d7", "refsource": "MISC", "url": "https://github.com/fusionpbx/fusionpbx/commit/391a23d070f3036d0c7760992f6970b0a76ee4d7"}, {"name": "http://packetstormsecurity.com/files/153256/FusionPBX-4.4.3-Remote-Command-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/153256/FusionPBX-4.4.3-Remote-Command-Execution.html"}, {"name": "https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html", "refsource": "MISC", "url": "https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:55:40.795Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/fusionpbx/fusionpbx/commit/391a23d070f3036d0c7760992f6970b0a76ee4d7"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/153256/FusionPBX-4.4.3-Remote-Command-Execution.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-11408", "datePublished": "2019-06-17T17:59:30", "dateReserved": "2019-04-21T00:00:00", "dateUpdated": "2024-08-04T22:55:40.795Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fusionpbx:fusionpbx:4.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "ED771627-B19B-4F2E-8366-2D98F13BF022", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "XSS in app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 allows remote unauthenticated attackers to inject arbitrary JavaScript characters by placing a phone call using a specially crafted caller ID number. This can further lead to remote code execution by chaining this vulnerability with a command injection vulnerability also present in FusionPBX."}, {"lang": "es", "value": "XSS en app / operator_panel / index_inc.php en el m\u00f3dulo del Panel del operador en FusionPBX 4.4.3 permite a los atacantes remotos no identificados inyectar caracteres de JavaScript arbitrarios al realizar una llamada telef\u00f3nica utilizando un n\u00famero de identificaci\u00f3n de llamada especialmente dise\u00f1ado. Esto puede llevar adem\u00e1s a la ejecuci\u00f3n remota de c\u00f3digo encadenando esta vulnerabilidad con una vulnerabilidad de inyecci\u00f3n de comando tambi\u00e9n presente en FusionPBX."}], "id": "CVE-2019-11408", "lastModified": "2019-06-18T16:35:42.773", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-06-17T18:15:10.797", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/153256/FusionPBX-4.4.3-Remote-Command-Execution.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/fusionpbx/fusionpbx/commit/391a23d070f3036d0c7760992f6970b0a76ee4d7"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}