Authentication Bypass Vulnerability in Sangoma Session Border Controller
CVE-2019-12148

9.8CRITICAL

Key Information:

Vendor: Sangoma
Status: Session Border Controller Firmware
Vendor: CVE Published:; 22 October 2019

What is CVE-2019-12148?

The Sangoma Session Border Controller (SBC) version 2.3.23-119 GA has a vulnerability in its web interface that facilitates authentication bypass through an argument injection flaw. This issue arises when special characters are utilized in the username field, allowing remote unauthenticated users to gain unauthorized access to the device's admin web portal without the need for valid credentials. The vulnerability specifically impacts the /var/webconfig/gui/Webconfig.inc.php file, compromising the security of the entire session border controller.

References

http://seclists.org/fulldisclosure/2019/Oct/41

mailing-listx_refsource_FULLDISC

http://packetstormsecurity.com/files/154915/Sangoma-SBC-2...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 22, 2019
Vulnerability Reserved
May 16, 2019

CVE-2019-12148 Data

JSON