8.1
CVE-2023-26567
- EPSS 0.08%
- Veröffentlicht 26.04.2023 20:15:09
- Zuletzt bearbeitet 03.02.2025 18:15:28
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. For example, an attacker can make a /ari/asterisk/variable?variable=AMPDBPASS API call.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sangoma ≫ Freepbx Linux 7 Version1805
Sangoma ≫ Freepbx Linux 7 Version1904
Sangoma ≫ Freepbx Linux 7 Version1910
Sangoma ≫ Freepbx Linux 7 Version2002
Sangoma ≫ Freepbx Linux 7 Version2008
Sangoma ≫ Freepbx Linux 7 Version2011
Sangoma ≫ Freepbx Linux 7 Version2104
Sangoma ≫ Freepbx Linux 7 Version2105
Sangoma ≫ Freepbx Linux 7 Version2109
Sangoma ≫ Freepbx Linux 7 Version2112
Sangoma ≫ Freepbx Linux 7 Version2201
Sangoma ≫ Freepbx Linux 7 Version2202
Sangoma ≫ Freepbx Linux 7 Version2203
Sangoma ≫ Freepbx Linux 7 Version2302
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.253 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
|
CWE-522 Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.