Access Control Issue in FreePBX by Sangoma Technologies
CVE-2023-43336

8.8HIGH

Key Information:

Vendor: Sangoma
Status: Freepbx
Vendor: CVE Published:; 2 November 2023

What is CVE-2023-43336?

An access control vulnerability has been identified in FreePBX, a widely used VoIP telephony platform by Sangoma Technologies. This issue arises when user-supplied data is improperly handled, allowing attackers to manipulate parameter values. By changing the extension parameter from 'self' to '101', unauthorized access can potentially be gained. It is crucial for users running affected versions to apply the latest updates to secure their deployments and mitigate this risk.

References

http://freepbx.com

http://sangoma.com

https://medium.com/%40janirudransh/security-disclosure-of...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 2, 2023
Vulnerability Reserved
Sep 18, 2023

CVE-2023-43336 Data

JSON