Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 uses weak permissions for the /var/www/rpc/surun script, which allows local users to obtain root access for unspecified command execution by leveraging access to the nobody account.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Fonality 任意命令执行漏洞
Vulnerability Description
Fonality(前称Trixbox pro)是美国Fonality公司的一套集成VoIP和CRM功能的开源电话交换机解决方案。该方案支持语音信箱、多方语音会议和交互式语音应答(IVR)等。 Fonality 12.6版本至14.1i版本中存在安全漏洞,该漏洞源于程序为/var/www/rpc/surun脚本分配不正确的权限。本地攻击者可通过访问nobody账户利用该漏洞以root权限执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A