CVE-2023-26567
Published Apr 26, 2023
Last updated 2 years ago
Overview
- Description
- Sangoma FreePBX 1805 through 2302 (when obtained as a .ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. For example, an attacker can make a /ari/asterisk/variable?variable=AMPDBPASS API call.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.2
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
- Severity
- HIGH
Weaknesses
- nvd@nist.gov
- CWE-522
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:1805:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F799892-BFCA-4184-BF34-4D316A7B5304" }, { "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:1904:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCC57541-8B9A-4F7C-B5AD-BABDE74D987B" }, { "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:1910:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDB0599D-399C-4B25-AC8D-F0DFD9F960C9" }, { "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2002:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2CC01C41-5999-48DF-BA27-EB08793F9C62" }, { "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2008:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A62509A-E706-4AAE-980A-538A95FAEFFD" }, { "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2011:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44020ABA-8123-4E39-95CD-99C96DA76630" }, { "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2104:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59E7AB2A-F42F-495B-9786-63157F8FFD39" }, { "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2105:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A022DFF-AFB0-4BC9-9995-C0732D4A53D3" }, { "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2109:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F34D4BBD-FCE8-41C3-8E72-4FB06AE93D6C" }, { "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2112:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "938CB1A3-B087-4B13-8017-FB20EA66E25E" }, { "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2201:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5091CC73-0948-4F66-A95F-08B2D806706E" }, { "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2202:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "938FF93C-F1D1-46AC-8EBE-4EAF9B3266FD" }, { "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2203:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": 
"AAFC050D-EEFD-4DD2-BCF3-A5209BD07A8F" }, { "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2302:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3D1EA05-C694-421E-BD19-9FEA00731998" } ], "operator": "OR" } ] } ]