admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-265xx/CVE-2023-26567.json
cad-safe-bot 3d55109558 Auto-Update: 2025-02-03T19:00:25.115614+00:00
2025-02-03 19:03:51 +00:00

206 lines
6.5 KiB
JSON
Raw Blame History

{
"id": "CVE-2023-26567",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-26T20:15:09.860",
"lastModified": "2025-02-03T18:15:28.833",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. For example, an attacker can make a /ari/asterisk/variable?variable=AMPDBPASS API call."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:1805:*:*:*:*:*:*:*",
"matchCriteriaId": "7F799892-BFCA-4184-BF34-4D316A7B5304"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:1904:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC57541-8B9A-4F7C-B5AD-BABDE74D987B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:1910:*:*:*:*:*:*:*",
"matchCriteriaId": "CDB0599D-399C-4B25-AC8D-F0DFD9F960C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "2CC01C41-5999-48DF-BA27-EB08793F9C62"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "1A62509A-E706-4AAE-980A-538A95FAEFFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "44020ABA-8123-4E39-95CD-99C96DA76630"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2104:*:*:*:*:*:*:*",
"matchCriteriaId": "59E7AB2A-F42F-495B-9786-63157F8FFD39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2105:*:*:*:*:*:*:*",
"matchCriteriaId": "6A022DFF-AFB0-4BC9-9995-C0732D4A53D3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2109:*:*:*:*:*:*:*",
"matchCriteriaId": "F34D4BBD-FCE8-41C3-8E72-4FB06AE93D6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2112:*:*:*:*:*:*:*",
"matchCriteriaId": "938CB1A3-B087-4B13-8017-FB20EA66E25E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2201:*:*:*:*:*:*:*",
"matchCriteriaId": "5091CC73-0948-4F66-A95F-08B2D806706E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2202:*:*:*:*:*:*:*",
"matchCriteriaId": "938FF93C-F1D1-46AC-8EBE-4EAF9B3266FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2203:*:*:*:*:*:*:*",
"matchCriteriaId": "AAFC050D-EEFD-4DD2-BCF3-A5209BD07A8F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2302:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D1EA05-C694-421E-BD19-9FEA00731998"
}
]
}
]
}
],
"references": [
{
"url": "https://qsecure.com.cy/resources/advisories/sangoma-freepbx-linux-insecure-permissions",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.freepbx.org",
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.sangoma.com/products/open-source/",
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://qsecure.com.cy/resources/advisories/sangoma-freepbx-linux-insecure-permissions",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.freepbx.org",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://www.sangoma.com/products/open-source/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink