This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: A critical OS Command Injection flaw in `endpoint_devicemap.php`. <br>π₯ **Consequences**: Attackers can execute arbitrary commands on the underlying OS, potentially leading to full system compromise.
Q2Root Cause? (CWE/Flaw)
π‘οΈ **Root Cause**: **CWE-78** (OS Command Injection). <br>π **Flaw**: The `endpoint_devicemap.php` component fails to properly sanitize user input, allowing shell commands to be injected and executed.
Q3Who is affected? (Versions/Components)
π¦ **Affected**: **NetFortris Fonality Trixbox Community Edition**. <br>π **Versions**: **1.2.0** through **2.8.0.4**. <br>π **Component**: Specifically the `endpoint_devicemap.php` file.
Q4What can hackers do? (Privileges/Data)
π€ **Privileges**: Commands run as the **asterisk** user. <br>π **Data**: High impact on Confidentiality (C:H) and Integrity (I:H). Attackers can read sensitive data and modify system configurations.
π£ **Public Exp**: **Yes**. <br>π **Evidence**: Metasploit module available (PR #13353) and Packet Storm PoC exists. <br>π₯ **Status**: Actively exploitable in the wild.
Q7How to self-check? (Features/Scanning)
π **Self-Check**: Scan for the presence of `endpoint_devicemap.php` in Trixbox installations. <br>π‘ **Tools**: Use vulnerability scanners detecting CWE-78 in Fonality products or specific Metasploit probes.
π§ **No Patch?**: **Mitigation**. <br>π« **Block**: Restrict network access to the Trixbox interface. <br>π‘οΈ **Isolate**: Segment the VoIP network to prevent lateral movement if compromised.
Q10Is it urgent? (Priority Suggestion)
π₯ **Urgency**: **HIGH**. <br>β³ **Priority**: Patch immediately. <br>π **Risk**: CVSS 3.1 vector indicates High Confidentiality/Integrity impact with Low Attack Complexity.