Lucene search

[email protected]CVE-2023-43336

HistoryNov 02, 2023 - 12:15 p.m.

CVE-2023-43336

2023-11-0212:15:09

[email protected]

web.nvd.nist.gov

sangoma

technologies

freepbx

cdr

access control

vulnerability

cve-2023-43336

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.7%

JSON

Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101.

Affected configurations

NVD

Node

sangomafreepbxRange<15.0.16

sangomafreepbxRange16.0.2–16.0.17

Node

sangomafreepbxRange<15.0.18

sangomafreepbxRange16.0.2–16.0.40

CPENameOperatorVersion
sangoma:freepbxsangoma freepbxlt15.0.16
sangoma:freepbxsangoma freepbxlt16.0.17

CPE	Name	Operator	Version
sangoma:freepbx	sangoma freepbx	lt	15.0.16
sangoma:freepbx	sangoma freepbx	lt	16.0.17

References

freepbx.com

sangoma.com

medium.com/%40janirudransh/security-disclosure-of-vulnerability-cve-2023-23336-4429d416f826

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.7%

JSON

Related for CVE-2023-43336

cvelist1 prion1 nvd1 osv1