CyberSec.Space Logo
Back to CVE Browser

CVE-2021-45461

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1820%
EPSS Percentile5.02th
PublishedDec 22, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19.

Affected Platforms (CPE)

πŸ“¦
Sangoma

Restapps

= 15.0.19.87
πŸ“¦
Sangoma

Restapps

= 15.0.19.88
πŸ“¦
Sangoma

Restapps

= 16.0.18.40
πŸ“¦
Sangoma

Restapps

= 16.0.18.41

References & Advisories

πŸ”— https://community.freepbx.org/t/0-day-freepbx-exploit/80092
πŸ”— https://community.freepbx.org/t/security-issue-potential-rest-phone-apps-rce/80109
πŸ”— https://wiki.freepbx.org/display/FOP/2021-12-21+SECURITY%3A+Potential+Rest+Phone+Apps+RCE
πŸ”— https://community.freepbx.org/t/0-day-freepbx-exploit/80092
πŸ”— https://community.freepbx.org/t/security-issue-potential-rest-phone-apps-rce/80109
πŸ”— https://wiki.freepbx.org/display/FOP/2021-12-21+SECURITY%3A+Potential+Rest+Phone+Apps+RCE

Related Vulnerabilities

CVE-2020-106669.8

The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execu...

CVE-2024-74885.3

Integer Overflow or Wraparound, Improper Validation of Specified Quantity in Input vulnerability in RestApp Inc. Online Ordering S...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...