MitreCVE-2023-26567CVE-2023-26567
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
73.2%
Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. For example, an attacker can make a /ari/asterisk/variable?variable=AMPDBPASS API call.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sangoma | freepbx_linux_7 | 1805 | cpe:2.3:a:sangoma:freepbx_linux_7:1805:*:*:*:*:*:*:* |
| sangoma | freepbx_linux_7 | 1904 | cpe:2.3:a:sangoma:freepbx_linux_7:1904:*:*:*:*:*:*:* |
| sangoma | freepbx_linux_7 | 1910 | cpe:2.3:a:sangoma:freepbx_linux_7:1910:*:*:*:*:*:*:* |
| sangoma | freepbx_linux_7 | 2002 | cpe:2.3:a:sangoma:freepbx_linux_7:2002:*:*:*:*:*:*:* |
| sangoma | freepbx_linux_7 | 2008 | cpe:2.3:a:sangoma:freepbx_linux_7:2008:*:*:*:*:*:*:* |
| sangoma | freepbx_linux_7 | 2011 | cpe:2.3:a:sangoma:freepbx_linux_7:2011:*:*:*:*:*:*:* |
| sangoma | freepbx_linux_7 | 2104 | cpe:2.3:a:sangoma:freepbx_linux_7:2104:*:*:*:*:*:*:* |
| sangoma | freepbx_linux_7 | 2105 | cpe:2.3:a:sangoma:freepbx_linux_7:2105:*:*:*:*:*:*:* |
| sangoma | freepbx_linux_7 | 2109 | cpe:2.3:a:sangoma:freepbx_linux_7:2109:*:*:*:*:*:*:* |
| sangoma | freepbx_linux_7 | 2112 | cpe:2.3:a:sangoma:freepbx_linux_7:2112:*:*:*:*:*:*:* |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
73.2%