CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-53564
https://notcve.org/view.php?id=CVE-2024-53564
02 Dec 2024 — An authenticated arbitrary file upload vulnerability in the component /module_admin/upload.php of freepbx v17.0.19.17 allows attackers to execute arbitrary code via uploading a crafted file. Una vulnerabilidad de carga de archivos arbitrarios autenticados en el componente /module_admin/upload.php de freepbx v17.0.19.17 permite a los atacantes ejecutar código arbitrario mediante la carga de un archivo manipulado específicamente. A vulnerability was discovered in FreePBX 17.0.19.17. It does not verify the typ... • https://gist.github.com/hyp164D1/490732de230edf97423f6d95b0d2f903 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53566
https://notcve.org/view.php?id=CVE-2024-53566
02 Dec 2024 — An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal. Un problema en la función action_listcategories() de Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 permite a los atacantes ejecutar un path traversal. • https://gist.github.com/hyp164D1/e7c0f44ffb38c00320aa1a6d98bee616 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29216
https://notcve.org/view.php?id=CVE-2024-29216
25 Mar 2024 — Exposed IOCTL with insufficient access control issue exists in cg6kwin2k.sys prior to 2.1.7.0. By sending a specific IOCTL request, a user without the administrator privilege may perform I/O to arbitrary hardware port or physical address, resulting in erasing or altering the firmware. Existe un IOCTL expuesto con un problema de control de acceso insuficiente en cg6kwin2k.sys anterior a 2.1.7.0. Al enviar una solicitud IOCTL específica, un usuario sin privilegios de administrador puede realizar E/S en un pue... • https://jvn.jp/en/vu/JVNVU90671953 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 1%CPEs: 31EXPL: 6CVE-2023-49786 – Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation
https://notcve.org/view.php?id=CVE-2023-49786
14 Dec 2023 — Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerabl... • https://packetstorm.news/files/id/176251 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 8.5EPSS: 0%CPEs: 31EXPL: 0CVE-2023-37457 – Asterisk's PJSIP_HEADER dialplan function can overwrite memory/cause crash when using 'update'
https://notcve.org/view.php?id=CVE-2023-37457
14 Dec 2023 — Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an out... • https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 1CVE-2023-49294 – Asterisk Path Traversal vulnerability
https://notcve.org/view.php?id=CVE-2023-49294
14 Dec 2023 — Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue. Asterisk es un conjunto de herramientas de telefonía y centralita pri... • https://packetstorm.news/files/id/177819 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 1CVE-2023-43336
https://notcve.org/view.php?id=CVE-2023-43336
02 Nov 2023 — Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101. Se descubrió que Sangoma Technologies FreePBX anterior a cdr 15.0.18, 16.0.40, 15.0.16 y 16.0.17 contenía un problema de control de acceso a través de un valor de parámetro modificado, por ejemplo, cambiando extensión=self a extensión=101. • http://freepbx.com • CWE-284: Improper Access Control •
CVSS: 8.5EPSS: 0%CPEs: 14EXPL: 0CVE-2023-26567
https://notcve.org/view.php?id=CVE-2023-26567
26 Apr 2023 — Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. For example, an attacker can make a /ari/asterisk/variable?variable=AMPDBPASS API call. • https://qsecure.com.cy/resources/advisories/sangoma-freepbx-linux-insecure-permissions • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-25090 – FreePBX arimanager Views cross site scripting
https://notcve.org/view.php?id=CVE-2019-25090
27 Dec 2022 — A vulnerability was found in FreePBX arimanager up to 13.0.5.3 and classified as problematic. Affected by this issue is some unknown functionality of the component Views Handler. The manipulation of the argument dataurl leads to cross site scripting. The attack may be launched remotely. Upgrading to version 13.0.5.4 is able to address this issue. • https://github.com/FreePBX/arimanager/commit/199dea7cc7020d3c469a86a39fbd80f5edd3c5ab • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-4283 – FreeBPX voicemail Settings ssettings.php cross site scripting
https://notcve.org/view.php?id=CVE-2021-4283
27 Dec 2022 — A vulnerability was found in FreeBPX voicemail. It has been rated as problematic. Affected by this issue is some unknown functionality of the file views/ssettings.php of the component Settings Handler. The manipulation of the argument key leads to cross site scripting. The attack may be launched remotely. • https://github.com/FreePBX/voicemail/commit/ffce4882016076acd16fe0f676246905aa3cb2f3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •