CVE-2023-26567
Severity CVSS v4.0:
Pending analysis
Type:
CWE-522
Insufficiently Protected Credentials
Publication date:
26/04/2023
Last modified:
03/02/2025
Description
Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. For example, an attacker can make a /ari/asterisk/variable?variable=AMPDBPASS API call.
Impact
Base Score 3.x
8.10
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sangoma:freepbx_linux_7:1805:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sangoma:freepbx_linux_7:1904:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sangoma:freepbx_linux_7:1910:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sangoma:freepbx_linux_7:2002:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sangoma:freepbx_linux_7:2008:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sangoma:freepbx_linux_7:2011:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sangoma:freepbx_linux_7:2104:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sangoma:freepbx_linux_7:2105:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sangoma:freepbx_linux_7:2109:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sangoma:freepbx_linux_7:2112:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sangoma:freepbx_linux_7:2201:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sangoma:freepbx_linux_7:2202:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sangoma:freepbx_linux_7:2203:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sangoma:freepbx_linux_7:2302:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://qsecure.com.cy/resources/advisories/sangoma-freepbx-linux-insecure-permissions
- https://www.freepbx.org
- https://www.sangoma.com/products/open-source/
- https://qsecure.com.cy/resources/advisories/sangoma-freepbx-linux-insecure-permissions
- https://www.freepbx.org
- https://www.sangoma.com/products/open-source/