PT-2024-15962 · Unknown · Asterisk-Cli+1

0Xmesbaha +1 · Published 2024-01-28 · Updated 2024-07-05 · CVE-2024-0986

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Issabel PBX version 4.0.0

Description

A critical issue affects the processing of the file /index.php?menu=asterisk cli of the component Asterisk-Cli. Manipulation of the argument Command leads to OS command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations

For Issabel PBX version 4.0.0, as a temporary workaround, consider disabling the Command argument in the /index.php?menu=asterisk cli file until a patch is available. Restrict access to the Asterisk-Cli component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2024-0986

Affected Products

Asterisk-Cli
Issabel-Pbx