CVE-2021-43405 – FusionPBX / FusionPBX – Improper input validation

Summary:

CVE-2021-43405 is an improper input validation vulnerability impacting FusionPBX versions 4.5.29 and earlier. An exploit was observed in open source and a link to an exploit was shared in the underground.

PoC Links (if available):

Exploit DB link –
https://www.exploit-db.com/exploits/50505

Known Counter Measures:

FusionPBX addressed the vulnerability with a patch committed to its GitHub repository.

Links to patches (if available):

https://github.com/fusionpbx/fusionpbx/commit/2d2869c1a1e874c46a8c3c5475614ce769bbbd59