CVE-2021-43405 – FusionPBX / FusionPBX – Improper input validation

November 23, 2021

CVE-2021-43405 is an improper input validation vulnerability impacting FusionPBX versions 4.5.29 and earlier. An exploit was observed in open source and a link to an exploit was shared in the underground.

Summary:

CVE-2021-43405 is an improper input validation vulnerability impacting FusionPBX versions 4.5.29 and earlier. An exploit was observed in open source and a link to an exploit was shared in the underground.

PoC Links(if available):

Exploit DB link –
https://www.exploit-db.com/exploits/50505

Known Counter Measures:

FusionPBX addressed the vulnerability in a GitHub software development platform saved commit change with a patch.

Links to patches(if available)

https://github.com/fusionpbx/fusionpbx/commit/2d2869c1a1e874c46a8c3c5475614ce769bbbd59

You may have missed

image

[KILLSEC] – Ransomware Victim: Giggle Finance

November 13, 2024
CISA Logo

US-CERT Vulnerability Summary for the Week of November 4, 2024

November 12, 2024
image

[RAWORLD] – Ransomware Victim: Orange County Pathology Medical Group

November 12, 2024
image

[RAWORLD] – Ransomware Victim: SK Gas

November 12, 2024
CISA Logo

CISA: Ivanti Releases Security Updates for Multiple Products

November 12, 2024