Vulnerability Description
Coalescent Systems freePBX (formerly Asterisk Management Portal) before 2.2.0rc1 allows attackers to execute arbitrary commands via shell metacharacters in (1) CALLERID(name) or (2) CALLERID(number).
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Coalescent Systems | Freepbx | <= 2.1.3 |
References
- http://secunia.com/advisories/23124PatchVendor Advisory
- http://sourceforge.net/project/shownotes.php?group_id=121515&release_id=467129Patch
- http://www.freepbx.org/trac/changeset/2076
- http://www.securityfocus.com/bid/21359Patch
- http://www.vupen.com/english/advisories/2006/3019
- http://secunia.com/advisories/23124PatchVendor Advisory
- http://sourceforge.net/project/shownotes.php?group_id=121515&release_id=467129Patch
- http://www.freepbx.org/trac/changeset/2076
- http://www.securityfocus.com/bid/21359Patch
- http://www.vupen.com/english/advisories/2006/3019
FAQ
What is CVE-2006-6244?
CVE-2006-6244 is a vulnerability with a CVSS score of 7.5 (HIGH). Coalescent Systems freePBX (formerly Asterisk Management Portal) before 2.2.0rc1 allows attackers to execute arbitrary commands via shell metacharacters in (1) CALLERID(name) or (2) CALLERID(number).
How severe is CVE-2006-6244?
CVE-2006-6244 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-6244?
Check the references section above for vendor advisories and patch information. Affected products include: Coalescent Systems Freepbx.