CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-26567

Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. For example, an attacker can make a /ari/asterisk/variable?variable=AMPDBPASS API call.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 25.3%

CVSS Severity

CVSS v3 Score 8.1

References

Products affected by CVE-2023-26567

Sangoma » Freepbx Linux 7 » Version: 1805

cpe:2.3:a:sangoma:freepbx_linux_7:1805
Sangoma » Freepbx Linux 7 » Version: 1904

cpe:2.3:a:sangoma:freepbx_linux_7:1904
Sangoma » Freepbx Linux 7 » Version: 1910

cpe:2.3:a:sangoma:freepbx_linux_7:1910
Sangoma » Freepbx Linux 7 » Version: 2002

cpe:2.3:a:sangoma:freepbx_linux_7:2002
Sangoma » Freepbx Linux 7 » Version: 2008

cpe:2.3:a:sangoma:freepbx_linux_7:2008
Sangoma » Freepbx Linux 7 » Version: 2011

cpe:2.3:a:sangoma:freepbx_linux_7:2011
Sangoma » Freepbx Linux 7 » Version: 2104

cpe:2.3:a:sangoma:freepbx_linux_7:2104
Sangoma » Freepbx Linux 7 » Version: 2105

cpe:2.3:a:sangoma:freepbx_linux_7:2105
Sangoma » Freepbx Linux 7 » Version: 2109

cpe:2.3:a:sangoma:freepbx_linux_7:2109
Sangoma » Freepbx Linux 7 » Version: 2112

cpe:2.3:a:sangoma:freepbx_linux_7:2112
Sangoma » Freepbx Linux 7 » Version: 2201

cpe:2.3:a:sangoma:freepbx_linux_7:2201
Sangoma » Freepbx Linux 7 » Version: 2202

cpe:2.3:a:sangoma:freepbx_linux_7:2202
Sangoma » Freepbx Linux 7 » Version: 2203

cpe:2.3:a:sangoma:freepbx_linux_7:2203
Sangoma » Freepbx Linux 7 » Version: 2302

cpe:2.3:a:sangoma:freepbx_linux_7:2302

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-26567

Products

Pricing

Contact Us