CVE ID: TBD
Overview:
The FreePBX modules and versions noted below have an authentication vulnerability in the Rest Phone Apps module that potentially allows unauthorized users to bypass password authentication and access services provided by the Phone Apps module.
...
Vulnerable software and versions:
The following minimum module versions are fixed:
FreePBX 15 -
- > Endpoint Manager v15.0.65
- > Restapps v15.0.41
FreePBX 16 -
- > Endpoint Manager v16.0.86
- > Restapps v16.0.35
Related Information
...
FreePBX has an authentication vulnerability in the Phone Rest Apps module that potentially allows unauthorized users to bypass password authentication and access services provided by the Phone Apps module.
The Sangoma and FreePBX engineering team has deemed this a minor security issue. We strongly encourage all users of FreePBX Distro to upgrade to the latest versions noted above. This can be done from the Module Admin GUI or fwconsole. For more information on using Module Admin, please see http://wiki.freepbx.org/display/FPG/Module+Admin+User+Guide.
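One way to check an installed system against the minimum fixed versions listed above, as an added example that is not part of the original advisory or of FreePBX itself. It assumes the module rawnames `endpoint` and `restapps`, that a module's major version matches the FreePBX release, and that `fwconsole ma list` prints a `|`-separated table with the module name and version in the first two columns.

```shell
#!/bin/sh
# Added example. Minimum fixed versions are the ones listed in this advisory.
# Assumed: rawnames "endpoint" (Endpoint Manager) and "restapps", and that a
# module's major version equals the FreePBX release it is installed on.

# min_fixed MAJOR MODULE: print the minimum fixed version, or nothing if unlisted
min_fixed() {
    case "$1:$2" in
        15:endpoint) echo 15.0.65 ;;
        15:restapps) echo 15.0.41 ;;
        16:endpoint) echo 16.0.86 ;;
        16:restapps) echo 16.0.35 ;;
    esac
}

# version_ge A B: succeed when dotted version A >= B, comparing each field
# numerically (so 16.0.9 is older than 16.0.35, unlike a string compare)
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# check_modules: read "| module | version | ..." rows on stdin, print one
# verdict per affected module, return 1 if any is below the fixed version.
# Usage on a FreePBX host: fwconsole ma list | check_modules
check_modules() {
    rc=0
    while IFS='|' read -r skip name ver rest; do
        name=$(printf '%s' "$name" | tr -d ' ')
        ver=$(printf '%s' "$ver" | tr -d ' ')
        case "$name" in endpoint|restapps) ;; *) continue ;; esac
        min=$(min_fixed "${ver%%.*}" "$name")
        if [ -z "$min" ]; then
            echo "$name $ver NOT-LISTED (release not covered by the advisory)"
        elif version_ge "$ver" "$min"; then
            echo "$name $ver OK"
        else
            echo "$name $ver UPGRADE (needs >= $min)"; rc=1
        fi
    done
    return "$rc"
}
```

A non-zero return from `check_modules` means at least one affected module is below the fixed version and should be upgraded through Module Admin or fwconsole.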
...