VYPR

Fonality

by Fonality

CVEs (3)

  • CVE-2016-2362 (Critical), Jun 20, 2016
    risk 0.64, cvss 9.8, epss 0.02

    Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 has a hardcoded password for the FTP account, which allows remote attackers to obtain access via a (1) FTP or (2) SSH connection.

  • CVE-2016-2363 (High), Jun 20, 2016
    risk 0.51, cvss 7.8, epss 0.01

    Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 uses weak permissions for the /var/www/rpc/surun script, which allows local users to obtain root access for unspecified command execution by leveraging access to the nobody account.

  • CVE-2016-2364 (High), Jun 20, 2016
    risk 0.49, cvss 7.5, epss 0.02

    The Chrome HUDweb plugin before 2016-05-05 for Fonality (previously trixbox Pro) 12.6 through 14.1i uses the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge…