Remote Command Execution Vulnerability in Sangoma FreePBX and sysadmin Modules
CVE-2019-19538

7.2HIGH

Key Information:

Vendor: Sangoma
Status: Freepbx
Vendor: CVE Published:; 16 March 2020

What is CVE-2019-19538?

Sangoma FreePBX and sysadmin modules contain a vulnerability that allows remote command execution, enabling attackers to escalate their privileges. This flaw affects FreePBX versions 13, 14, and 15, as well as sysadmin versions 13.0.92 to 15.0.13.6. Exploiting this vulnerability could allow unauthorized users to execute commands on the server, potentially compromising the overall security of the system.

References

https://community.freepbx.org/t/freepbx-security-vulnerab...

x_refsource_MISC

https://wiki.freepbx.org/display/FOP/2019-12-03+Remote+Co...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 16, 2020
Vulnerability Reserved
Dec 3, 2019

CVE-2019-19538 Data

JSON