I believe there is a false positive in the detection of CVE-2020-10666.
“FreePBX 13.x <= 13.0.93.2, 14.x <= 14.0.22.2, 15.x <= 15.0.19.2 RCE Vulnerability”
The file is plugins/2021/freepbx/gb_freepbx_rce_vuln_mar20.nasl.
The plugin gets the version of freepbx (core framework), not the restapps module.
Because the latest version of the freepbx core framework is 15.0.17.43 (at the time of writing), which is < 15.0.19.2, the fixed restapps module version, the script falsely reports the freepbx installation as vulnerable.
How can this be fixed in a future version of the detection script?
Thanks!
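As an added illustration of the false positive described above (this is not the NASL plugin's own code, and the module inventory and the "patched" restapps version are constructed assumptions), the following compares the core framework version against the per-branch boundaries quoted in the thread title, then shows the module-based comparison the CVE actually calls for:

```python
"""Added example: core-version check vs. restapps-module check for CVE-2020-10666."""
from typing import Dict, Optional, Tuple

# Upper bounds of the affected ranges per major branch, as quoted in the thread title.
# Assumption for this example: a version is treated as affected if it is <= the bound.
AFFECTED_UPPER_BOUNDS = {
    13: "13.0.93.2",
    14: "14.0.22.2",
    15: "15.0.19.2",
}


def parse_version(v: str) -> Tuple[int, ...]:
    """Split a dotted version string into a tuple of ints so it compares numerically."""
    return tuple(int(part) for part in v.split("."))


def in_affected_range(version: str) -> bool:
    """True if `version` lies within the affected range of its major branch."""
    parsed = parse_version(version)
    bound = AFFECTED_UPPER_BOUNDS.get(parsed[0])
    if bound is None:          # branch not listed as affected at all
        return False
    return parsed <= parse_version(bound)


def core_based_check(core_version: str) -> bool:
    """What the reported plugin effectively does: test the core framework version.
    This is the source of the false positive, since the bounds describe restapps."""
    return in_affected_range(core_version)


def module_based_check(installed_modules: Dict[str, str]) -> Optional[bool]:
    """The check the vulnerability actually requires: test the restapps module version.
    Returns None when the module version is unknown (e.g. the module list is only
    obtainable after authentication), so that no verdict is reported at all."""
    restapps = installed_modules.get("restapps")
    if restapps is None:
        return None
    return in_affected_range(restapps)


# Constructed sample data: the core version quoted in the thread, plus a hypothetical
# module inventory whose restapps version is above the quoted bound.
CORE_VERSION = "15.0.17.43"
MODULES_WITH_PATCHED_RESTAPPS = {"framework": CORE_VERSION, "restapps": "15.0.20.1"}
MODULES_UNKNOWN = {"framework": CORE_VERSION}  # restapps version not obtainable

if __name__ == "__main__":
    print("core-based verdict  :", core_based_check(CORE_VERSION))            # True (false positive)
    print("module-based verdict:", module_based_check(MODULES_WITH_PATCHED_RESTAPPS))  # False
    print("module unknown      :", module_based_check(MODULES_UNKNOWN))       # None
```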
Thanks a lot for this detailed posting and the thorough analysis.
The first step was already done: creating this posting.
Next step is now: The posting needs to be evaluated / handled by a feed team member. I have created an internal issue about this task a few minutes ago, a member of the feed team might come up with additional questions or information about this.
Again, thanks for bringing this to our attention. You’re absolutely correct: the vulnerability range is not about the core product, but a FreePBX module.
Currently there is no way to detect a list of installed modules (as they can only be obtained post authentication), so this VT might probably get deprecated in the near future.