Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6424


Vulnerability Score 4.3 4.3
CVE Id CVE-2007-6424
Last Modified 07 Mar 2011 10:02:42
Published 18 Dec 2007 02:46:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE


Summary in Fonality Trixbox 2.0 PBX products, when running in certain environments, reads and executes a set of commands from a remote web site without sufficiently validating the origin of the commands, which allows remote attackers to disable trixbox and execute arbitrary commands via a DNS spoofing attack.

Vulnerable Systems


  • Fonality Trixbox 2.0




MLIST - [VOIPSEC] 20071219 Trixbox Arbitrary Command Execution Vulnerability

MLIST - [VOIPSEC] 20071216 Trixbox Arbitrary Command Execution Vulnerability

OSVDB - 44136

MLIST - [VOIPSEC] 20071219 trixbox vulnerability fluff

MLIST - [VOIPSEC] 20071219 trixbox vuln (CVE-2007-6424) - PoC exploit code


Last Updated: 27 May 2016 10:46:30