File Upload Vulnerability in FreePBX by Sangoma Technologies
CVE-2024-53564

2.2 LOW

Key Information:

Vendor: Sangoma

Status
Vendor
CVE Published: 2 December 2024

What is CVE-2024-53564?

A file upload vulnerability has been identified in FreePBX version 17.0.19.17: the system fails to properly verify the type of uploaded files, that is, whether they are valid FreePBX modules. This oversight allows high-privilege administrators to insert unauthorized files into the system. Although the supplier asserts that the risk is limited to actions already permitted for high-privilege users, this remains a significant security concern that should not be overlooked.

Affected Version(s)

FreePBX 17.0.19.17

CVSS V3.1

Score: 2.2
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
