Insecure Variable Exposure in Sangoma FreePBX
CVE-2023-26567

8.1 HIGH

Key Information:

Vendor: Sangoma

CVE Published: 26 April 2023

What is CVE-2023-26567?

Sangoma FreePBX versions 1805 through 2302, when installed from the .ISO distribution, improperly manage Asterisk global variables and expose sensitive authentication credentials such as AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS. The flaw lets an attacker retrieve cleartext database credentials, significantly increasing the risk of unauthorized database access. For instance, an API call such as /ari/asterisk/variable?variable=AMPDBPASS returns the value of that variable, putting the system and its data at risk.
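The following is an added detection example, not code from Sangoma or FreePBX: it scans web-server access logs for requests that read the credential variables named above through the ARI variable endpoint. The log lines are constructed for the example, and the log format is assumed to be Apache/nginx combined format.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Credential-bearing Asterisk globals named in the advisory.
SENSITIVE_VARS = {"AMPDBUSER", "AMPDBPASS", "AMPMGRUSER", "AMPMGRPASS"}

# Fields we need from a combined-format log line: client IP, timestamp,
# request line and HTTP status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

def sensitive_variable_reads(lines):
    """Return one finding per request that asks ARI for a credential variable.

    Only the /ari/asterisk/variable path is considered. A 200 status means the
    value was most likely returned; other statuses are still reported as
    attempts so that probing from unauthenticated sources is visible too.
    """
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if url.path.rstrip("/") != "/ari/asterisk/variable":
            continue
        # parse_qs decodes percent-encoding and keeps repeated parameters,
        # so AMPDB%50ASS and variable=A&variable=B are both handled.
        for name in parse_qs(url.query).get("variable", []):
            if name.upper() in SENSITIVE_VARS:
                findings.append({"ip": m.group("ip"), "ts": m.group("ts"),
                                 "variable": name.upper(),
                                 "status": int(m.group("status"))})
    return findings

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [26/Apr/2023:10:00:01 +0000] "GET /ari/asterisk/variable?variable=AMPDBPASS HTTP/1.1" 200 45',
    '198.51.100.7 - - [26/Apr/2023:10:00:02 +0000] "GET /ari/asterisk/variable?variable=AMPMGRUSER&variable=ampmgrpass HTTP/1.1" 200 60',
    '203.0.113.9 - - [26/Apr/2023:10:00:03 +0000] "GET /ari/asterisk/variable?variable=SIPDOMAIN HTTP/1.1" 200 30',
    '203.0.113.9 - - [26/Apr/2023:10:00:04 +0000] "GET /admin/config.php HTTP/1.1" 200 1024',
    '192.0.2.5 - - [26/Apr/2023:10:00:05 +0000] "GET /ari/asterisk/variable?variable=AMPDB%50ASS HTTP/1.1" 401 0',
]

if __name__ == "__main__":
    for finding in sensitive_variable_reads(SAMPLE_LOG):
        print(finding)
```

On the sample above the benign SIPDOMAIN read and the admin page request are ignored, while the percent-encoded and lower-cased variants are still flagged.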

CVSS v3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability reserved