Unrated severityNVD Advisory· Published May 1, 2020· Updated Sep 16, 2024

Fonality Trixbox CE Post-Authentication Command Injection

CVE-2020-7351

Description

An OS Command Injection vulnerability in the endpoint_devicemap.php component of Fonality Trixbox Community Edition allows an attacker to execute commands on the underlying operating system as the "asterisk" user. Note that Trixbox Community Edition has been unsupported by the vendor since 2012. This issue affects: Fonality Trixbox Community Edition, versions 1.2.0 through 2.8.0.4. Versions 1.0 and 1.1 are unaffected.

Affected products

Fonality/Trixbox Community Editionv5
Range: 2.8.0.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/157565/TrixBox-CE-2.8.0.4-Command-Execution.htmlmitrex_refsource_MISC
github.com/rapid7/metasploit-framework/pull/13353mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.055
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000