CVE-2023-26567

Published Apr 26, 2023

Last updated 20 days ago

CVSS high 8.1

Overview

Description: Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. For example, an attacker can make a /ari/asterisk/variable?variable=AMPDBPASS API call.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.1
Impact score: 5.2
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-522
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-522

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:1805:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F799892-BFCA-4184-BF34-4D316A7B5304"
          },
          {
            "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:1904:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DCC57541-8B9A-4F7C-B5AD-BABDE74D987B"
          },
          {
            "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:1910:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CDB0599D-399C-4B25-AC8D-F0DFD9F960C9"
          },
          {
            "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2002:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2CC01C41-5999-48DF-BA27-EB08793F9C62"
          },
          {
            "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2008:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A62509A-E706-4AAE-980A-538A95FAEFFD"
          },
          {
            "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2011:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44020ABA-8123-4E39-95CD-99C96DA76630"
          },
          {
            "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2104:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "59E7AB2A-F42F-495B-9786-63157F8FFD39"
          },
          {
            "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2105:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A022DFF-AFB0-4BC9-9995-C0732D4A53D3"
          },
          {
            "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2109:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F34D4BBD-FCE8-41C3-8E72-4FB06AE93D6C"
          },
          {
            "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2112:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "938CB1A3-B087-4B13-8017-FB20EA66E25E"
          },
          {
            "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2201:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5091CC73-0948-4F66-A95F-08B2D806706E"
          },
          {
            "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2202:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "938FF93C-F1D1-46AC-8EBE-4EAF9B3266FD"
          },
          {
            "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2203:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AAFC050D-EEFD-4DD2-BCF3-A5209BD07A8F"
          },
          {
            "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2302:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3D1EA05-C694-421E-BD19-9FEA00731998"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References