Description
OSS Endpoint Manager is an endpoint manager module for FreePBX. When the OSS Endpoint Manager module is activated, authenticated web users can gain unauthorized read access to system files with the permissions of the web server process. This vulnerability is fixed in 14.0.4.
References (2)
Core References
Patch (x_refsource_misc): https://github.com/FreePBX-ContributedModules/endpointman/commit/bad70ca3de2166bbd24f273f7f212a8b2c92a719
Vendor Advisory (x_refsource_confirm): https://github.com/FreePBX/security-reporting/security/advisories/GHSA-x9wc-qjrc-j7ww
Scores
CVSS v3: 6.8
EPSS: 0.0048
EPSS Percentile: 37.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-22
Status: published
Products (1)
FreePBX/endpointman < 14.0.4
Published: Oct 01, 2024
Tracked Since: Feb 18, 2026