KEVIntel
Back to KEVs
9.8
CVSS
Critical

CVE-2021-45461

PUBLISHED

FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute...

Exploited in the wild Remote Low complexity No user interaction
Vendor
FreePBX
Product
Rest Phone Apps
Published
Dec 22, 2021
EPSS

Description

FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19.

CVSS scores

CVSS v3.1 9.8 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0 7.5

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitation status

Exploited in the wild

Recorded 2021-12-22 18:25:54 UTC · Source

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CVE Dec 22, 2021

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel