CVE-2023-26567
Severity Score
8.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. For example, an attacker can make a /ari/asterisk/variable?variable=AMPDBPASS API call.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-02-26 CVE Reserved
- 2023-04-26 CVE Published
- 2025-02-03 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-522: Insufficiently Protected Credentials
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://qsecure.com.cy/resources/advisories/sangoma-freepbx-linux-insecure-permissions | Third Party Advisory | |
| https://www.freepbx.org | Product | |
| https://www.sangoma.com/products/open-source | Product |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sangoma Search vendor "Sangoma" | Freepbx Linux 7 Search vendor "Sangoma" for product "Freepbx Linux 7" | 1805 Search vendor "Sangoma" for product "Freepbx Linux 7" and version "1805" | - |
Affected
| ||||||
| Sangoma Search vendor "Sangoma" | Freepbx Linux 7 Search vendor "Sangoma" for product "Freepbx Linux 7" | 1904 Search vendor "Sangoma" for product "Freepbx Linux 7" and version "1904" | - |
Affected
| ||||||
| Sangoma Search vendor "Sangoma" | Freepbx Linux 7 Search vendor "Sangoma" for product "Freepbx Linux 7" | 1910 Search vendor "Sangoma" for product "Freepbx Linux 7" and version "1910" | - |
Affected
| ||||||
| Sangoma Search vendor "Sangoma" | Freepbx Linux 7 Search vendor "Sangoma" for product "Freepbx Linux 7" | 2002 Search vendor "Sangoma" for product "Freepbx Linux 7" and version "2002" | - |
Affected
| ||||||
| Sangoma Search vendor "Sangoma" | Freepbx Linux 7 Search vendor "Sangoma" for product "Freepbx Linux 7" | 2008 Search vendor "Sangoma" for product "Freepbx Linux 7" and version "2008" | - |
Affected
| ||||||
| Sangoma Search vendor "Sangoma" | Freepbx Linux 7 Search vendor "Sangoma" for product "Freepbx Linux 7" | 2011 Search vendor "Sangoma" for product "Freepbx Linux 7" and version "2011" | - |
Affected
| ||||||
| Sangoma Search vendor "Sangoma" | Freepbx Linux 7 Search vendor "Sangoma" for product "Freepbx Linux 7" | 2104 Search vendor "Sangoma" for product "Freepbx Linux 7" and version "2104" | - |
Affected
| ||||||
| Sangoma Search vendor "Sangoma" | Freepbx Linux 7 Search vendor "Sangoma" for product "Freepbx Linux 7" | 2105 Search vendor "Sangoma" for product "Freepbx Linux 7" and version "2105" | - |
Affected
| ||||||
| Sangoma Search vendor "Sangoma" | Freepbx Linux 7 Search vendor "Sangoma" for product "Freepbx Linux 7" | 2109 Search vendor "Sangoma" for product "Freepbx Linux 7" and version "2109" | - |
Affected
| ||||||
| Sangoma Search vendor "Sangoma" | Freepbx Linux 7 Search vendor "Sangoma" for product "Freepbx Linux 7" | 2112 Search vendor "Sangoma" for product "Freepbx Linux 7" and version "2112" | - |
Affected
| ||||||
| Sangoma Search vendor "Sangoma" | Freepbx Linux 7 Search vendor "Sangoma" for product "Freepbx Linux 7" | 2201 Search vendor "Sangoma" for product "Freepbx Linux 7" and version "2201" | - |
Affected
| ||||||
| Sangoma Search vendor "Sangoma" | Freepbx Linux 7 Search vendor "Sangoma" for product "Freepbx Linux 7" | 2202 Search vendor "Sangoma" for product "Freepbx Linux 7" and version "2202" | - |
Affected
| ||||||
| Sangoma Search vendor "Sangoma" | Freepbx Linux 7 Search vendor "Sangoma" for product "Freepbx Linux 7" | 2203 Search vendor "Sangoma" for product "Freepbx Linux 7" and version "2203" | - |
Affected
| ||||||
| Sangoma Search vendor "Sangoma" | Freepbx Linux 7 Search vendor "Sangoma" for product "Freepbx Linux 7" | 2302 Search vendor "Sangoma" for product "Freepbx Linux 7" and version "2302" | - |
Affected
| ||||||