CVE-2019-19006
https://notcve.org/view.php?id=CVE-2019-19006
Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control. Sangoma FreePBX versión 115.0.16.26 y anteriores, versión 14.0.13.11 y anteriores, versión 13.0.197.13 y anteriores, presenta un Control de Acceso Incorrecto. • https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-001/62772 https://pastebin.com/2CdsQMKW https://wiki.freepbx.org/display/FOP/2019-11-20+Remote+Admin+Authentication+Bypass https://www.freepbx.org/category/blog • CWE-287: Improper Authentication •
CVE-2019-16967
https://notcve.org/view.php?id=CVE-2019-16967
An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager module form (html\admin\modules\manager\views\form.php), an unsanitized managerdisplay variable coming from the URL is reflected in HTML, leading to XSS. It can be requested via GET request to /config.php?type=tool&display=manager. Se detectó un problema en Manager versiones 13.x anteriores a 13.0.2.6 y versiones 15.x anteriores a 15.0.6 antes del FreePBX versión 14.0.10.3. • https://github.com/FreePBX/manager/commit/071a50983ca6a373bb2d1d3db68e9eda4667a372 https://issues.freepbx.org/browse/FREEPBX-20436 https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-16966
https://notcve.org/view.php?id=CVE-2019-16966
An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3. In the Contactmanager class (html\admin\modules\contactmanager\Contactmanager.class.php), an unsanitized group variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS. It can be requested via a GET request to /admin/ajax.php?module=contactmanager. Se detectó un problema en Contactmanager versiones 13.x anteriores a 13.0.45.3, versiones 14.x anteriores a 14.0.5.12 y versiones 15.x anteriores a 15.0.8.21 para FreePBX versión 14.0.10.3. • https://github.com/FreePBX/contactmanager/commit/99e5aa0050224289cfe64c9036f38ce2531bf633 https://issues.freepbx.org/browse/FREEPBX-20437 https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-12148 – Sangoma SBC 2.3.23-119-GA Authentication Bypass
https://notcve.org/view.php?id=CVE-2019-12148
The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to an authentication bypass via an argument injection vulnerability involving special characters in the username field. Upon successful exploitation, a remote unauthenticated user can login into the device's admin web portal without providing any credentials. This affects /var/webconfig/gui/Webconfig.inc.php. La interfaz web GA de Sangoma Session Border Controller (SBC) versión 2.3.23-119, es vulnerable a una omisión de autenticación por medio de una vulnerabilidad de inyección de argumentos que implica caracteres especiales en el campo username. Tras una explotación con éxito, un usuario no autenticado remoto puede iniciar sesión en el portal web de administración del dispositivo sin proporcionar ninguna credencial. • http://packetstormsecurity.com/files/154915/Sangoma-SBC-2.3.23-119-GA-Authentication-Bypass.html http://seclists.org/fulldisclosure/2019/Oct/41 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVE-2019-12147 – Sangoma SBC 2.3.23-119-GA Unauthenticated User Creation
https://notcve.org/view.php?id=CVE-2019-12147
The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to Argument Injection via special characters in the username field. Upon successful exploitation, a remote unauthenticated user can create a local system user with sudo privileges, and use that user to login to the system (either via the web interface or via SSH) to achieve complete compromise of the device. This affects /var/webconfig/gui/Webconfig.inc.php and /usr/local/sng/bin/sng-user-mgmt. La interfaz web GA de Sangoma Session Border Controller (SBC) versión 2.3.23-119, es vulnerable a una Inyección de Argumentos mediante caracteres especiales en el campo username. Tras una explotación con éxito, un usuario no autenticado remoto puede crear un usuario del sistema local con privilegios de sudo, y usar ese usuario para iniciar sesión en el sistema (bien sea por medio de la interfaz web o mediante SSH) para lograr un compromiso completo del dispositivo. • http://packetstormsecurity.com/files/154914/Sangoma-SBC-2.3.23-119-GA-Unauthenticated-User-Creation.html http://seclists.org/fulldisclosure/2019/Oct/40 https://blog.appsecco.com • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •