Summary
This host is running Brekeke PBX and is prone to Cross-Site Request Forgery Vulnerability.
Impact
Successful exploitation will allow attackers to change the administrator's password by tricking a logged in administrator into visiting a malicious web site.
Impact Level: Application.
Solution
Upgrade to Brekeke PBX version 2.4.6.7 or later.
For updates refer to http://www.brekeke.com/
Insight
The flaw exists in the application which fails to perform validity checks on certain 'HTTP reqests', which allows an attacker to hijack the authentication of users for requests that change passwords via the pbxadmin.web.PbxUserEdit bean.
Affected
Brekeke PBX version 2.4.4.8
References
Severity
Classification
-
CVE CVE-2010-2114 -
CVSS Base Score: 2.6
AV:N/AC:H/Au:N/C:N/I:P/A:N
Related Vulnerabilities