Remote Code Execution Vulnerability in Sangoma NetBorder and Vega Session Controller
CVE-2017-17430

9.8CRITICAL

Key Information:

Vendor: Sangoma
Status: Netborder\/vega Session Firmware
Vendor: CVE Published:; 7 December 2017

What is CVE-2017-17430?

The Sangoma NetBorder and Vega Session Controller before version 2.3.12-80-GA exhibit a critical vulnerability allowing remote attackers to execute arbitrary commands. This risk arises from insecure handling in the web interface, enabling unauthorized command injection and potential system compromise. It is vital for users to update to the latest version to safeguard against these threats.

References

ftp://ftp.sangoma.com/nsc/2.3/Changelog

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 7, 2017
Vulnerability Reserved
Dec 5, 2017

CVE-2017-17430 Data

JSON