Vulnerabilities > CVE-2021-45461 - Unspecified vulnerability in Sangoma Restapps

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

sangoma

critical

NVD

Published: 2021-12-22

Updated: 2022-01-05

Summary

FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19.

Vulnerable Configurations

Part	Description	Count
Application	Sangoma Sangoma Restapps 15.0.19.87 Sangoma Restapps 15.0.19.88 Sangoma Restapps 16.0.18.40 Sangoma Restapps 16.0.18.41 Sangoma Freepbx - Sangoma Pbxact -	6

References

https://community.freepbx.org/t/security-issue-potential-rest-phone-apps-rce/80109
https://wiki.freepbx.org/display/FOP/2021-12-21+SECURITY%3A+Potential+Rest+Phone+Apps+RCE
https://community.freepbx.org/t/0-day-freepbx-exploit/80092