Vulnerability Details : CVE-2023-26567
Sangoma FreePBX 1805 through 2302 (when obtained as an .ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and the Asterisk Manager Interface. For example, an attacker can make a /ari/asterisk/variable?variable=AMPDBPASS API call.
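Because the exposure happens through an ordinary ARI HTTP request, a defender can look for it in the web server's access log. The following is an added example, not code from the advisory or the FreePBX project: it assumes a combined-format access log (the regex and the sample lines are constructed for this example) and flags any request to the ARI variable endpoint that asks for one of the four credential variables named above.

```python
import re
from urllib.parse import urlsplit, parse_qs

# The four global variables the advisory says hold cleartext credentials.
SENSITIVE_VARS = {"AMPDBUSER", "AMPDBPASS", "AMPMGRUSER", "AMPMGRPASS"}

# Assumed combined-log-format line: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def requested_sensitive_vars(target):
    """Return the credential variable names an ARI request target asks for."""
    parts = urlsplit(target)
    if not parts.path.rstrip("/").endswith("/ari/asterisk/variable"):
        return set()
    # parse_qs percent-decodes, so an encoded name is still matched;
    # the comparison is made case-insensitive deliberately (detection choice).
    values = parse_qs(parts.query, keep_blank_values=True).get("variable", [])
    return {v.strip().upper() for v in values} & SENSITIVE_VARS

def scan_access_log(lines):
    """Return (ip, timestamp, status, sorted vars) for each credential read."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        found = requested_sensitive_vars(m.group("target"))
        if found:
            hits.append((m.group("ip"), m.group("ts"),
                         int(m.group("status")), sorted(found)))
    return hits

# Constructed sample lines (not from a real system). The third uses percent
# encoding; the fourth is a benign ARI call; the last is unrelated.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Mar/2023:10:15:01 +0000] "GET /ari/asterisk/variable?variable=AMPDBPASS HTTP/1.1" 200 64',
    '203.0.113.7 - - [01/Mar/2023:10:15:02 +0000] "GET /ari/asterisk/variable?variable=AMPMGRPASS HTTP/1.1" 200 58',
    '198.51.100.4 - - [01/Mar/2023:10:16:30 +0000] "GET /ari/asterisk/variable?variable=%41MPDBUSER HTTP/1.1" 401 12',
    '198.51.100.4 - - [01/Mar/2023:10:17:00 +0000] "GET /ari/asterisk/variable?variable=MYCUSTOMVAR HTTP/1.1" 200 40',
    '192.0.2.9 - - [01/Mar/2023:10:18:00 +0000] "GET /admin/config.php HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for ip, ts, status, names in scan_access_log(SAMPLE_LOG):
        print(f"{ts} {ip} status={status} read {','.join(names)}")
```

A 200 status on such a request means the credentials were actually returned and should be rotated; a 401 still shows the endpoint being probed.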
Products affected by CVE-2023-26567
- cpe:2.3:a:sangoma:freepbx_linux_7:1805:*:*:*:*:*:*:*
- cpe:2.3:a:sangoma:freepbx_linux_7:1904:*:*:*:*:*:*:*
- cpe:2.3:a:sangoma:freepbx_linux_7:1910:*:*:*:*:*:*:*
- cpe:2.3:a:sangoma:freepbx_linux_7:2002:*:*:*:*:*:*:*
- cpe:2.3:a:sangoma:freepbx_linux_7:2008:*:*:*:*:*:*:*
- cpe:2.3:a:sangoma:freepbx_linux_7:2011:*:*:*:*:*:*:*
- cpe:2.3:a:sangoma:freepbx_linux_7:2104:*:*:*:*:*:*:*
- cpe:2.3:a:sangoma:freepbx_linux_7:2105:*:*:*:*:*:*:*
- cpe:2.3:a:sangoma:freepbx_linux_7:2109:*:*:*:*:*:*:*
- cpe:2.3:a:sangoma:freepbx_linux_7:2112:*:*:*:*:*:*:*
- cpe:2.3:a:sangoma:freepbx_linux_7:2201:*:*:*:*:*:*:*
- cpe:2.3:a:sangoma:freepbx_linux_7:2202:*:*:*:*:*:*:*
- cpe:2.3:a:sangoma:freepbx_linux_7:2203:*:*:*:*:*:*:*
- cpe:2.3:a:sangoma:freepbx_linux_7:2302:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-26567
- EPSS score: 0.27% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~67% (the proportion of vulnerabilities scored at or below this one)
CVSS scores for CVE-2023-26567
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 2.8 | 5.2 | NIST | |
CWE ids for CVE-2023-26567
- The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2023-26567
- https://www.sangoma.com/products/open-source/ (Open Source - Sangoma Technologies; Product)
- https://qsecure.com.cy/resources/advisories/sangoma-freepbx-linux-insecure-permissions (QSecure - Sangoma FreePBX Linux Insecure Permissions; Third Party Advisory)
- https://www.freepbx.org (FreePBX | Open source, web-based, IP PBX management tool; Product)