CVE-2024-0986 — AI Deep Analysis Summary

🚨 **Essence**: Issabel PBX 4.0.0 suffers from **OS Command Injection** via the `Asterisk-Cli` component.…

🛡️ **Root Cause**: **CWE-78** (OS Command Injection). <br>🔍 **Flaw**: Improper handling of the `Command` parameter in `/index.php?menu=asterisk_cli`. Malicious input is passed directly to the OS without sanitization.

🏢 **Affected**: **Issabel PBX** specifically version **4.0.0**. <br>📦 **Component**: The `Asterisk-Cli` module is the vulnerable entry point.

💻 **Attacker Capabilities**: <br>• Execute **any OS command** with the privileges of the web server. <br>• Create files, steal data, or pivot to other internal systems. <br>• Full control over the PBX infrastructure.

🔑 **Threshold**: **Medium**. <br>⚠️ **Requirement**: Requires **Authentication** (valid username/password). <br>📉 **CVSS**: `PR:H` (High Privileges Required) means you must be logged in first.

💣 **Public Exploit**: **YES**. <br>🔗 **PoC Available**: GitHub repos (e.g., `gunzf0x`) and Nuclei templates exist. <br>🔥 **Status**: Actively disclosed and usable by attackers.

🔍 **Self-Check**: <br>1. Scan for Issabel PBX 4.0.0 instances. <br>2. Look for the `/index.php?menu=asterisk_cli` endpoint. <br>3. Use Nuclei template `CVE-2024-0986.yaml` for automated detection.

🩹 **Official Fix**: **NO**. <br>⏳ **Status**: Vendor did not respond to disclosure. <br>🚫 **Patch**: No official patch or update has been released yet.

🛡️ **Workaround**: <br>1. **Restrict Access**: Block access to the PBX interface via Firewall/WAF. <br>2. **Disable Service**: If not critical, disable the `Asterisk-Cli` or web interface. <br>3.…

⚡ **Urgency**: **HIGH**. <br>🚨 **Priority**: Immediate action required. <br>📉 **Risk**: Public exploits + Auth requirement makes it a prime target for targeted attacks on communication infrastructure.