{ "id": "CVE-2023-26567", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-26T20:15:09.860", "lastModified": "2023-05-05T15:10:19.097", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. For example, an attacker can make a /ari/asterisk/variable?variable=AMPDBPASS API call." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH" }, "exploitabilityScore": 2.8, "impactScore": 5.2 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-522" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:1805:*:*:*:*:*:*:*", "matchCriteriaId": "7F799892-BFCA-4184-BF34-4D316A7B5304" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:1904:*:*:*:*:*:*:*", "matchCriteriaId": "DCC57541-8B9A-4F7C-B5AD-BABDE74D987B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:1910:*:*:*:*:*:*:*", "matchCriteriaId": "CDB0599D-399C-4B25-AC8D-F0DFD9F960C9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2002:*:*:*:*:*:*:*", "matchCriteriaId": "2CC01C41-5999-48DF-BA27-EB08793F9C62" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2008:*:*:*:*:*:*:*", "matchCriteriaId": "1A62509A-E706-4AAE-980A-538A95FAEFFD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2011:*:*:*:*:*:*:*", "matchCriteriaId": "44020ABA-8123-4E39-95CD-99C96DA76630" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2104:*:*:*:*:*:*:*", "matchCriteriaId": "59E7AB2A-F42F-495B-9786-63157F8FFD39" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2105:*:*:*:*:*:*:*", "matchCriteriaId": "6A022DFF-AFB0-4BC9-9995-C0732D4A53D3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2109:*:*:*:*:*:*:*", "matchCriteriaId": "F34D4BBD-FCE8-41C3-8E72-4FB06AE93D6C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2112:*:*:*:*:*:*:*", "matchCriteriaId": "938CB1A3-B087-4B13-8017-FB20EA66E25E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2201:*:*:*:*:*:*:*", "matchCriteriaId": "5091CC73-0948-4F66-A95F-08B2D806706E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2202:*:*:*:*:*:*:*", "matchCriteriaId": "938FF93C-F1D1-46AC-8EBE-4EAF9B3266FD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2203:*:*:*:*:*:*:*", "matchCriteriaId": "AAFC050D-EEFD-4DD2-BCF3-A5209BD07A8F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2302:*:*:*:*:*:*:*", "matchCriteriaId": "B3D1EA05-C694-421E-BD19-9FEA00731998" } ] } ] } ], "references": [ { "url": "https://qsecure.com.cy/resources/advisories/sangoma-freepbx-linux-insecure-permissions", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.freepbx.org", "source": "cve@mitre.org", "tags": [ "Product" ] }, { "url": "https://www.sangoma.com/products/open-source/", "source": "cve@mitre.org", "tags": [ "Product" ] } ] }