Summary
This host is installed with Fonality trixbox and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attacker to execute arbitrary arbitrary code, manipulate SQL queries in the backend database, and disclose certain sensitive information.
Impact Level: Application
Solution
No solution or patch is available as of 30th January, 2015. Information regarding this issue will be updated once the solution details are available.
or updates refer to http://www.fonality.com/trixbox
Insight
Multiple flaws are due to improper validation of user supplied input passed via 'mac', 'lang', and 'id_nodo' parameters.
Affected
Fonality trixbox
Detection
Send a crafted exploit string via HTTP GET request and check whether it is possible to read cookie or not.
References
Severity
Classification
-
CVE CVE-2014-5112 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities